Cyber-Attack Takes ULCC Offline for Hours

The University of London Computer Centre (ULCC) has been hit by a major cyber-attack, knocking out open source learning platform Moodle and numerous university websites for several hours.

The attack is thoughts to have struck at 7.30 on Thursday morning, local time, and continued till around midday.

Initial status updates from ULCC claimed that “an issue with our firewall” was the cause of the outage.

However, a final update at midday told a different story:

“All our services are now up and running again! The networking issue was caused by a cyber attack. We have taken action to block the source. An incident report will be produced and shared in due course. We appreciate your patience, understanding and words of support on social media.”

There’s no further information on the attack – whether it was a straightforward DDoS or something more sinister – but it’s thought to have originated in the UK, according to Russia Today.

Back in February, the ULCC suffered a denial of service attack lasting a couple of hours.

Despite the name, the ULCC is actually an IT services non-profit which supports over 300 UK educational institutions including the University of York, the European Library, and the American College of Beirut.

It’s also responsible for hosting Moodle, marketed as “the world’s open source learning platform”, which is used by over two million students.

Unsurprisingly, many students took to Twitter to vent their anger over the outage, which came on the eve of important exams for some.

Rob Lay, enterprise and cybersecurity solutions architect at Fujitsu, argued that all organizations are a target for cyber-criminals today.

“Organizations can no longer afford to make mistakes in security. By communicating from the top down what cybersecurity means to its business, organizations can help all staff recognize their responsibility in ensuring the company is adequately prepared to manage threats,” he added.

“Security impacts everyone, including students, and being prepared to respond quickly to incidents will help to reduce that impact.”

Webroot director, George Anderson, added that four hours of “complete shutdown” would be unacceptable for most businesses.

“Hopefully this case will serve as a warning to other organizations, encouraging them to ensure that they have an effective strategy in place to make sure user experience is impacted as little as possible,” he argued.

What’s Hot on Infosecurity Magazine?