Universities and colleges are among the risk group that is mostly
affected by the frequent DDOS attacks according to the latest research. For example, in the UK alone, more than 200
universities were hit by 850 DDOS attacks in 2018. This raises a major concern
about the security of universities and colleges worldwide.
The attackers may be members of the university staff or students and the cycle of the attacks is often linked to the academic calendar of the educational institutions, so that their consequences can bring real damage.
Also, it is worth mentioning that the first DDOS attack took place back in 1974 and the victim was represented by the University of Illinois. Since then, universities and colleges are the preferable platform for young hackers to practice their skills.
DDOS Protection – Why do DDOS Attacks Happen?
Universities and colleges have different websites that vary from representing general information about themselves to the complicated ones including campus systems and financial accounts of students and staff.
Most valuable websites include personal information with social security numbers, addresses, financial information etc. In addition to that, universities and colleges hold a lot of information regarding intellectual property and various researches which may be interesting from the commercial point of view.
All of this information can be valuable for the hackers, who may steal the data and sell it online or ask for the buyout from the administration. Usually, this can be done by some criminal elements that may attack you from any point of the world. This is why the DDOS protection is very important from the commercial standpoint.
Another common reason for the DDOS attacks is students` displeasure by the administration. This may include different factors that push them to commit a crime. For example, it may be done if a student wants to correct his/her grades, postpone the exam assignment, hide the traces of plagiarism like pay for someone to do your assignment, which was found out by the administration etc.
It may also include the general curiosity of the students, especially those who practice hacking, on how they can trick DDOS protection software of university or college.
The reasons may be different; however, it is clear that for the majority of the university websites are the first platforms for the experiment. The displeasure by university or college administration may also concern their staff, which may do the same things.
Nowadays, the process of organizing the attack is not complicated. There is no reason for writing special software for that when everything can be found online. Big of such software is sold on the darknet and has clear and simple instructions of use for its owners.
Such websites as webstresser.org was one of the biggest platforms for hiring DDOS attack services. Only as of April 2018, there were more than 4 million attacks organized through webstresser.org. This website allowed people with low technical knowledge to commit any DDOS attack they wanted just for the price of 15 EUR a month. In 2018 the site was shut down and its administration was arrested.
Parts of the DDOS attacks are planned. Usually, when it comes to the security, universities may make stressor attacks to test the system. The cost of such a test is rather high, but when the system is already tested – it may become more secure.
What to do?
Here are some simple steps that university or college can take in order
to prevent DDOS attacks from any individuals:
- Do traffic
monitoring. Sometimes weird incoming traffic changes (abrupt and sudden rise of
it), suspicious IP addresses` visits can indicate that your security system is
being tested to commit a DDOS attack. - Pen
testing. Commit planned “test” DDOS attack against your organization and its
system in order to see how it will react to it. When conducting the attack, you
may find the gaps in the system that may be fixed for the future. - Harsh
punishment. If the attack is committed by a student, try to find out the reason
why he/she has done this and what methods have been used. Do not tolerate such
behavior, but try to find out how exactly this was done to prevent similar
attacks in the future. - Strengthen
security of the most important websites and internal web. Try not to give
access to the websites to anyone, who is not a part of your university or
college web. If the system is difficult to access, then it is easier to find
the attacker if he/she worked from the inside. What is more, try to monitor
your security during the term time: most of the attacks are made at the end of
August – beginning of the September. - Explain
the consequences of the DDOS attacks to staff and students and the possible
punishments for the violation of the security measures.