Students Blamed For University & College Cyber Attacks

A security analysis of cyber-attacks against universities and colleges in the UK has discovered staff or students could often be responsible, rather than organised crime or hacking groups. 

A government-funded agency that provides cybersecurity has examined the timing of 850 attacks in 2017-18. Jisc found a "clear pattern" of attacks being concentrated during term times and during the working day. When the holidays begin, "the number of attacks decreases dramatically".

The analysis of cyberattacks on the research and academic network concludes there are "suspicions that staff or students could be in the frame".

Rather than criminal gangs or agents of foreign powers, the findings suggest many of the attacks on universities and colleges are more likely to have been caused by disgruntled staff or students wanting to provoke "chaos".
Stopping for the holidays

"It's notoriously difficult to identify individual cyber-criminals," says Dr John Chapman, head of security operations for Jisc, (formerly the Joint Information Systems Committee). But the agency, which provides internet and computer services across the higher and further education sectors, has produced a report showing that the peaks and troughs of attacks mirror when students and staff were most likely to be present.

They increased from 08:00 or 09:00 and then tailed off in the early afternoon. There was a very sharp decline in attacks in the Christmas, Easter and summer breaks and during half-terms - with attacks rising again sharply when terms resumed.
The incidence varied from more than 60 a week in some parts of the autumn term, down to one a week in mid-summer.
There were more than 850 attacks across the academic year, aimed at almost 190 universities and colleges. This was up from fewer than 600 attacks on about 140 institutions in the previous year.

These were sustained attempts at disrupting networks and did not include incidents such as phishing frauds or attempts to use "malware" or "ransomware".

Dr Chapman says the attempts could include sophisticated state-sponsored cyber-attacks from other countries and "serious criminal players", targeting research or trying to steal sensitive information. But the analysis suggests many of the attacks on networks seem to be closer to home.

These include so-called "denial of service" or "distributed denial of service" (DDoS) attacks where hackers try to stop or overload networks, crashing computer systems. In one case, the security team monitored a pattern of attacks on an institution and saw they began at 09:00, finished at 12:00, began again at 13:00 and then finished about 15:00 to 16:00.
This raised the question whether this was caused by a student or member of staff, who took a break at lunchtime.

Causing chaos
Another investigation located the source of what seemed to be a four-day cyber-attack on a university. It was found to be coming from a university hall of residence and had been the result of an online gamer who had been "attacking another gamer to try and secure an advantage".

Other reasons could be a misplaced sense of "fun" at disrupting networks, "kudos among peers" for causing chaos or because of a grudge over poor grades or "failure to secure a pay rise".
The Jisc analysis says another factor in the summer dip could have been an international effort to take down so-called "stresser" sites.

These websites provide the means for carrying out "denial of service" attacks, which Jisc says can be sold "under the pretense" that the buyer wants to carry out a test to see how well their own network would withstand such an attack.

"So, there is evidence... to suggest that students and staff may well be responsible for many of the DDoS attacks we see," says Dr Chapman.

"If connectivity to the network is lost for any length of time, it can be catastrophic for any organisation, both financially and reputationally."

BBC: 

You Might Also Read:

Fraudsters £350k Spoof University Emails:

Canadian University Hit For $12m Phishing Scam:
 

 

« A Cyber Attack Could Cause The Next Financial Crisis
What Every Small Business Should Know About Hackers & Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

National Security Agency (NSA) - USA

National Security Agency (NSA) - USA

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

Woz U

Woz U

Woz U provides best-in-class technology training for Learners, Higher-Ed and Corporations. We focus on the most in-demand occupations such as Software Development, Data Science and Cyber Security.

VU Security

VU Security

VU is a specialist in Cybersecurity software development with a focus on the prevention of fraud and identity theft.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

Search Guard

Search Guard

Search Guard® is an Open Source security suite for #Elasticsearch and the entire #ELK stack that offers encryption, authentication, authorization, audit logging and multi tenancy.

MassMutual Ventures

MassMutual Ventures

Mass Mutual ventures backs companies building category-defining businesses in markets including enterprise software, digital health, cybersecurity, and fintech.

British Security Industry Association - CySPAG

British Security Industry Association - CySPAG

CySPAG is a special interest group within the British Security Industry Association (BSIA) focused on reducing the risk of product related cybercrime.

Kasm Technologies

Kasm Technologies

Kasm Browser Isolation - Protect your organization from malware, ransomware and phishing by using zero-trust containerized browsers.

Open Data Security (ODS)

Open Data Security (ODS)

Open Data Security is a market leader in the information security sector, offering services to companies, governments and individuals, helping them shield from hackers and cyber attacks.

SolCyber

SolCyber

SolCyber, a Forgepoint company, is the first modern MSSP to deliver a curated stack of enterprise strength security tools and services that are accessible and affordable for any organization.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

VCI Global

VCI Global

VCI Global is a diversified holding company. Through its subsidiaries, it focuses on consulting, fintech, AI, robotics, and cybersecurity.