peampath - stock.adobe.com
The attack on its network is understood to have begun shortly before 10pm on Wednesday 14 April, and the university’s IT teams are currently working to restore services.
In a statement, the university said: “As a result, all online teaching will be cancelled today (Thursday 15 April), and we understand that this may impact students being able to submit assignments. We want to reassure our students that no one will be disadvantaged as a consequence of this.
“Any in-person, on-campus teaching may still continue today, if computer access is not required, but students will have no on-site or remote access to computer facilities in the LRCs [learning resource centres], labs or the university Wi-Fi.
“We apologise for the inconvenience this situation has caused and will continue to keep you updated.”
The full list of services that are currently unavailable can be read on the university’s service status page, available here. It includes university logins and password services, student records, student mobile and study services, Microsoft Office 365 access, collaboration services such as Teams and Zoom, network and Wi-Fi access, off-campus VPNs, data storage, staff email, and critical business systems.
The UK’s National Cyber Security Centre has been warning for some time of increased targeting of academic institutions – both schools and universities – particularly from ransomware gangs, and recently updated its own guidance on the topic to reflect the current high attack volumes.
It is, however, important to note that at the time of writing, the University of Hertfordshire had not formally disclosed the nature of the attack, or whether it had been hit by ransomware.
Read more about security in education
- Ransomware attack on Harris Federation comes just days after a fresh NCSC alert for the education sector.
- Refreshed guidance from the NCSC recommends a defence-in-depth strategy as schools and universities face a renewed wave of cyber attacks.
- Cyber attack on central trust that manages secondary schools in Nottinghamshire leaves them unable to access IT systems and deliver remote lessons.
Educational bodies are nevertheless considered easy targets by cyber criminals because they often lack the resources to secure their data adequately, hold large amounts of personal information, and may come under more public pressure to pay a ransom.
Jérôme Robert, director at Alsid, said universities are starting to become aware that they are prime targets. “The sheer size of the student and faculty at a university – in Hertfordshire’s case nearly 28,000 people – makes it incredibly difficult to secure and manage the IT estate,” he said.
“Think of the huge volume of new joiners and leavers each year at universities. IT teams somehow have to manage that process of creating, deleting and managing all those accounts. It’s a never-ending operation to keep all of that neat and tidy, and any oversights, such as old accounts not being closed down, present risk. On top of this, higher education is currently at heightened risk because of the increase of network activity and general complexity of enabling hybrid learning.”
Robert added: “Universities should make sure that all key patches and updates are installed, that they are carefully monitoring their network for signs of intrusion and that their Active Directory system is secure and being closely monitored – especially for signs of privileged user escalation or lateral movement. The Active Directory represents the keys to the castle in IT terms, so it pays to make sure it’s hardened and closely monitored to help prevent many different types of threats, including ransomware.”