University Fights Off Cyber Attack from Another School


A security company was able to work with a major unnamed university in the northeast to stop an attack that was initially thought to originate from students seeking to disrupt online testing. It turned out to come from another university. Netscout Systems shared some details about the attack, which hit the university's online test platforms. Netscout produces programs that provide visibility into application and network performance.

According to Netscout experts, the attack vectors used weren't especially innovative, but the traffic was localized to sources geographically close to the university. And the timing of the security incidents coincided with what the company referred to as "typical student cyber activities."

The process of identifying and diagnosing the problem was quick, the company noted. It took Netscout's security operations center a couple of hours to identify the pattern and communicate that information to the university's IT department. From there the institution's IT organization examined its own traffic patterns. The attack was eventually traced back to a campus proxy run at another university.

Netscout said schools could expect an increase in security events as they shift more and more to remote learning. "Over the past couple of months and for the foreseeable future, students and teachers are relying on the internet to submit and grade assignments, conduct testing, collaborate on projects, share research and complete other vital tasks during the academic year," said Carlos Morales, vice president and general manager of DDoS mitigation services at Netscout. "With this level of reliance comes increased risk, as hackers seek out areas of vulnerability to exploit."

Attacks on educational networks vary. Those that are student-instigated, according to Morales, frequently focus on the use of "internet-based botnets for the purpose of test cancellation/delay." In this case, there was no specific motivation for the attack that could be readily identified.

On a larger scale, however, "attacks on admissions could have detrimental consequences on an academic institution from a monetary and reputation standpoint," said Morales. "In essence, universities by nature have a lot of bandwidth, allowing these varied attackers to bring to bear many different tools to take down their systems. Attacks can range from being very subtle to full-fledged 'carpet bombing' of vast IP address space, and can take many forms, making it difficult for universities to identify and mitigate."

As Morales explained, schools are susceptible to DDoS attacks because of their many connections with other institutions. A major challenge is differentiating legitimate traffic from harmful traffic. "As a result of collaboration, research and even gaming that takes place between parties from separate universities, a large attack surface is formed, providing plenty of opportunities for attackers to strike," he said.

If an attack is constructed well, it can mimic normalcy and come across initially as legitimate traffic, making it difficult to identify in the early stages, thereby allowing more time in which to cause damage. In the case of the university in this situation, Netscout's security team was able to look beneath the surface of the traffic that the school was seeing to find clues about the origins of the attack in order to create appropriate defenses. In doing so, they were also able to confirm that another university was behind the attack.

The job of the SOC is to build "client-specific templates and measures for each client," which can facilitate automatic mitigation, Morales noted. However, no automated approach can stop every attack. That's when a SOC's "collective experience and skills come together" and the team pulls together to analyze and adapt defenses to match attackers' methods. He added that success requires "having the right people to talk to and [keeping] the channel of communication open. Response time and the ability to mitigate threats depend on this collaboration and combined expertise."

Morales warned that as institutions prepare to include virtual instruction in their planning for the fall semester, they must be ready for the risks that coincide with external traffic entering networks. "Whereas in times past universities had a sense of what applications were available on campus, remote learning has moved everything off premise, posing numerous challenges," he said. "Universities have to continue observing and learning these new patterns, which is no small feat." The work is made more difficult by the various levels of a school's uniqueness — size, structure, varying curriculum and tools for each program and so on. "This can potentially bring to light many vulnerabilities that hackers will recognize and take advantage of."

Morales advised that universities spend time now "learning how their network behaves, what apps are available for use and what normal traffic looks like." From there, he said, "they can set up long-term monitoring and review the results of this monitoring on a regular basis. Universities have to understand their environment to secure it properly, and, if possible, reduce the size of their attack surface." Likening it to a boxer's stance, where the fighter "holds their hands up to reduce the amount of space on their body their opponent can hit," he said colleges and universities "must reduce their attack surface to a bare minimum and focus on those remaining exposed pieces to construct specialized defenses."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
