Cyberattack disruption lingers at Cambridge University

Possibly linked to a DDoS in February

Staff and students have been unable to access critical systems for weeks

Image:
Staff and students have been unable to access critical systems for weeks

The University of Cambridge's Clinical School Computing Service (CSCS) fell victim to a cyberattack in February, leaving hundreds of researchers and staff unable to access important systems for the past five weeks.

The attack, characterised by the university as "malicious activity," has prompted proactive measures in response, including voluntarily shutting down some systems.

The CSCS is an IT system used by students and staff in various departments, including the School of Clinical Medicine, Department of Zoology, Milner Institute of the School of Biological Sciences, Sainsbury Laboratory and Stem Cell Institute.

The attack was confirmed in an email circulated to staff at the end of February, acknowledging that there would be "significant" disruption.

"We appreciate that some staff and students are experiencing significant disruption to their work and studies, and we are grateful for their patience and understanding," stated an excerpt from the email seen by Wired.

The university said it had taken certain services offline voluntarily, as part of its containment measures. It also said efforts were underway to restore the affected systems.

While the university's status page shows the majority of IT services are operational, websites for the medical school and CSCS remain offline and inaccessible.

Although the university contained the incident, investigations are still ongoing, with no timeline provided for their completion.

The impact of the ongoing disruption across departments remains unclear, and the university has not revealed any information about the nature of the incident.

Authorities, including the UK's data regulator, the Information Commissioner's Office (ICO), and the National Cybersecurity Centre (NCSC), are actively involved in assessing the impact of the attack. A dedicated "Critical Incident Management Team" has been established to manage the university's response to the situation.

The ICO confirmed its awareness of the incident and said it is conducting inquiries into the matter.

Similarly, a spokesperson for the NCSC said it is collaborating with the University of Cambridge to fully understand the incident's ramifications.

The university has confirmed no personal data was breached in the attack. However, it has advised the staff to adhere to best security practices, including the use of multifactor authentication and strong passwords. Individuals are urged to change their passwords immediately if they receive alerts indicating unauthorised access to their accounts.

This incident marks the latest in a series of cyberattacks targeting academic institutions.

Notably, in February, the University of Cambridge was among several academic institutions targeted by a DDoS attack, disrupting internet access and critical services. It's still not known if that attack was linked to this disruption.

Similarly, the University of Manchester found itself caught in a cybersecurity crisis, attributing the disruptions to a "serious incident" affecting both the university and its network provider.

The hacking group Anonymous Sudan claimed responsibility for attacking both universities, citing the UK's support for Israel (although the group is almost certainly Russian in origin).

Also last month, the University of Wolverhampton announced a cybersecurity incident, disrupting IT systems.

Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.