Cambridge among universities hit by 'malicious' cyber attack

One of the most prestigious academic institutions in the world - The University of Cambridge - was hit last week by a distributed denial-of-service (DDoS) attack which flooded its servers and disrupted internet access and services.

According to Varsity, students were notified by email of the attack, which disrupted access to services including education platform Moodle and CamSIS, the university's system for handling student information, records and transactions.

An email to staff at the university said it had been targeted by a DDoS (distributed denial-of-service) attack. It explained: "Traffic levels into the universities are deliberately being overwhelmed, causing the perimeter firewalls to become overloaded with requests, limiting their ability to reply to legitimate traffic."

A spokesperson for the Clinical School Computing Service at Cambridge University said:

Dean of Selwyn College Charlotte Summers said on X on Monday afternoon:

Whilst the initial impact appears to be over, it is not known whether the DDoS attack was used as a cover to steal information. It appears that the attack may have been linked to Hacking Group Anonymous Sudan and was in response to the UK’s stance on the war in Gaza. The true motive is not actually fully understood as it also seems that the group may be linked to Russian gang that emerged in 2023 which has been linked to similar attacks around the world.

So, what is a DDoS attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, website, or network by overwhelming it with a flood of Internet traffic. And recent experiences have shown that Healthcare is frequently a target for such attacks.

DDoS attacks frequently come from multiple sources to make their identification more difficult. It can also hinder the victim organization’s attempts to stop the DDoS. In lay terms it’s like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.

DDoS normally present themselves, as you would expect, by a slowing or crashing of a company’s network or website. Which costs you time, reputation and money and potentially drives your customers to competitors websites.

The Fortified Health Report of 2020 notes that DDoS attacks can be used to disguise other network attacks that are planned to take place concurrently i.e., ransomware attacks, and the technology and capability behind DDoS is increasing rapidly and all organizations need to be prepared to meet the challenge.

The education sector remains a really attractive targets to cyber criminals due to the vast amounts sensitive personal data that they hold. They also hold Intellectual Property material that is of use to state actors and organised criminals alike. Even if a DDoS attack is not a feint designed to hide another type of incursion into your network, you have to answer one simple question. What would I do if I could no longer use my network?

The correct answer is don’t wait to find out – do what you can do now to make a successful attack less likely in the first place.

Can you protect yourself from these attacks?

DDoS attacks are notoriously difficult to prevent. The attackers don’t necessarily need internal access to the network as the attack is from the outside. They are increasing in complexity and sophistication meaning that defense against these dark arts needs continual review. But the key points for protection to remember are.

• Know your network's traffic. A free tool that we can recommend here is Police Cyber Alarm

• Create a Denial-of-Service Response Plan within your incident response plan

• Make your network resilient and practice good cyber hygiene – using CE principles

• Scale up your bandwidth. The greater the bandwidth the more effort a DDoS attacker will have to make to crash your site. Moving your operation to the cloud may help.

• Take advantage of anti-DDoS hardware and software. Speak to your Managed Service Provider (MSP) if you have one.

• Make sure all staff know the symptoms of an attack and respond quickly to it using your plan.

Consider speaking to a member of the centre about our affordable services and free core offer.

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of business and loss of reputation. In the worst cases it can lead to the closure of the business altogether. But all is not lost.

Here at the centre, we would advise you to the following things now

• Join our growing community by signing up to free core membership of the Eastern Cyber Resilience Centre. You will be supported through implementing the changes you need to make to protect your business and your customers.

• For small and medium sized businesses in the Eastern region we would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security.

• And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).