Content, Content, EMEA, Europe, Vertical markets

DDoS Attacks Target UK Universities: Who’s Behind Them?


Nearly 200 universities in the U.K. have reportedly been hit with at least 850 distributed denial of service (DDoS) attacks in the current academic year.

JISC, a cybersecurity provider to educational institutions in the U.K., suspects students or staff may be behind the attacks, inasmuch as the volume has ticked up when school is in session and dipped during off periods. But at this point, there's no proof, only speculation and circumstantial data.

“The troughs, when the number of attacks decreases dramatically, always appear during holiday times,” wrote John Chapman, who heads JISC’s security operations center, in a blog post (via TechNadu). “This pattern could indicate that attackers are students or staff, or others familiar with the academic cycle. Or perhaps the bad guys simply take holidays at the same time as the education sector. Whichever the case, there’s no point sending a DDoS attack to an organization if there’s no one there to suffer the consequences.”

Could staff members or students be launching the attacks? Or is it an opportunistic hacker? It’s hard to say -- culprits in DDoS attacks are not easy to find. Still, JISC has an inkling based the data:

  • For the period January through August, 2018, there have been slightly fewer attacks starting in the early hours, but more in the core of the day, when compared to the same time last year.
  • The peak period continued for longer during the first eight months of this year than last year. In 2017, the number of attacks started to wane from 1 p.m., this year it is 2 p.m.
  • Several attacks at a college earlier this year started at 9 a.m. and finished at 12 noon, began again at 1 p.m. and finished at around 3 p.m. to 4 p.m.

“This suggested that the perpetrator was someone who wanted to get online at lunchtime, but didn’t want to do any work during the day,” Chapman wrote. He conceded that the motives behind a student or staff attacking attacking their college or university were difficult to zone in on. Was it for the “fun of disruption and kudos among peers of launching an attack that stops internet access and causes chaos, or because they bear a grudge for a poor grade or failure to secure a pay rise.”

Some of the time, a cyber attacker slips up and gets caught. In one episode tracked by JISC, a student had been playing an online game and had attacked an opponent with a DDoS disruption to try to gain an advantage. “What we were seeing coming over the network and into the hall of residence was a revenge DDoS attack,” Chapman wrote.

Studies show that the number and severity of DDoS attacks have increased in the past year. According to Akamai’s Summer 2018 State of the Internet/Security: Web Attack report, DDoS blitzes ticked up 16 percent between summer 2017 and summer 2018.

In another report, Nexusguard pegged the increase in DDoS attacks at 29 percent for Q2 2018 when compared to the same period last year. It’s not just the number of DDoS attacks that are alarming, it’s the size, the security provider said. For the period, average-size attacks (26.4Gbps) showed a year-over-year increase of 543 percent while maximum-size attacks (359Gbps) rose from last year by 464 percent, according to the findings. Communication service providers, positioned as the medium between the attackers and the target’s servers and network infrastructure, bore the brunt of the spike in traffic assaults, the report said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.