University of Sunderland Hit by Suspected Cyber-Attack

A UK university has suffered a suspected cyber-attack, causing "extensive IT issues."

The University of Sunderland revealed the incident on its official Twitter account this morning, which stated: "our telephone lines, website and IT systems are still down." The institution first reported it was experiencing IT problems yesterday (12 October) and has now said it "has all the hallmarks of a cyber-attack."

A local newspaper, the Sunderland Echo, reported that all online classes had been canceled, and staff members faced difficulties accessing their emails. In addition, the University of Sunderland's official website remains down.

The university said that it is working with the police to try and resolve the problem and will continue face-to-face teaching as much as possible.

The full statement read: "We intend to continue face to face teaching as far as possible and will continue to update our staff and students, as well as continue working with the police.

"We take the security of our systems extremely seriously and we will resolve this as quickly as we can. We ask that prospective students direct message any inquiries in the meantime and that current students email universitysunderland.enquiries@gmail.com.

"Thank you for your patience."

The suspected cyber-incident follows a surge of attacks targeting schools, universities and colleges during the COVID-19 crisis. These include damaging attacks on two other universities in the North-East of England last year, Newcastle University and Northumbria University. And in April 2021, the University of Hertfordshire and the University of Portsmouth suffered network outages lasting days after ransomware threat actors struck.

It appears cyber-criminals view this sector as an easier target following digital transformation efforts during the pandemic, including the shift to remote learning. In July, the UK's National Cyber Security Centre (NCSC) updated its guidance on ransomware following a spate of attacks on the education sector.

Commenting on the story, Danny Lopez, CEO at Glasswall Solutions, said: "Reports of universities being the victim of cyber-attacks have become increasingly common over the last 18-months. It's concerning considering the extensive damage caused by lost data – for both students and staff – and access to vital educational services. The cyber-attack will inevitably have a significant impact on productivity. In addition, just as the new university term begins, students and staff have lost access to their campus network, which will undoubtedly affect teaching and access to study resources. 

"Educational institutions should adopt a 'defense-in-depth' approach to cybersecurity, as advised by the NCSC. This means using multiple layers of defense with several mitigations, which creates more opportunities to detect malware and prevent it from doing widespread harm to the institution."

What’s Hot on Infosecurity Magazine?