The University of London’s Computing Centre (ULCC) has recovered from a major cyberattack that cut dozens of UK institutions off from its IT services for five hours this morning.
The incident appears to have started around 7am and by 9am ULCC said it was looking into a firewall issue. By 10am, engineers had reset its firewalls and core routers but had been unable to solve the issue.
By mid-day, the assessment had become clearer. “All our services are now up and running again! The networking issue was caused by a cyber attack,” read an update on the institution’s website.
“We have taken action to block the source. An incident report will be produced and shared in due course.”
An important service provided by ULCC is the hugely popular Moodle learning environment, a sort of all-in-one system for supporting online learning that is incredibly important during exam season. ULCC also acts as a critical node on the JANET network.
Not surprisingly, the interruption to the service was noticed far and wide with numerous tweets on the outage underlining the scale of the chaos across academia.
The Centre hasn’t expanded on the specifics of the cyberattack although the Times Higher Education website suggested that the traffic being aimed at the ULCC’s firewalls might have been routed through another UK university. The incident certainly points to a DDoS attack.
By the time a DDoS has fired traffic into the firewall layer, it’s almost certainly too late to avoid downtime. Depending on the generation of firewall in question, the firewall can quickly make the problem worse by turning into a bottleneck itself.
As it happens, the ULCC was hit by a smaller DDoS attack in February. The institution’s importance for the UK sector was clearly on the mind of the attacker, who was probably using the DDoS to probe for more complex weaknesses.
"This attack was clearly implemented to have maximum impact on a system that would have been at peak usage around exam-time," commented director of security firm Webroot.
"While it’s positive to see that staff at ULCC have got the system back up and running, over 4 hours of ‘complete shutdown’ is not an acceptable time-period in most business cases.
"Hopefully this case will serve as a warning to other organisations, encouraging them to ensure that they have an effective strategy in place to make sure user experience is impacted as little as possible," he said.