U.S. colleges and universities are experiencing an increase in Distributed Denial of Service (DDoS) attacks, according to researchers at Akamai Technologies, a provider of content delivery network services in Cambridge, Mass.
The attacks on institutions of higher learning are part of an overall spike in DDoS activity, Akamai’s quarterly State of the Internet/Security Report found. Across the entire target spectrum, there was a 125 percent increase in DDoS attacks between the first quarter of 2015 and the same period in 2016, the report disclosed. There was also a rise in repeat attacks, with an average of 29 incidents per targeted organization.
On the positive side, colleges and universities generally aren’t high on the DDoS target list. Criminal perpetrators of DDoS attacks often target sites or services hosted on high-profile Web servers, such as banks and credit card payment gateways.
Lisa Beegle, senior manager of Akamai’s Security Intelligence Response Team (SIRT), told EdScoop that sophisticated, organized criminal individuals or gangs aren’t likely to be targeting educational organizations.
“There are definitely targeted organizations, for sure, but what we’ve seen in general as it relates to education is not showing that as yet,” she said.
However, higher-education institutions do experience regular attempts to make their computer resources or networks unavailable to users, according to Akamai researchers.
The Massachusetts Institute of Technology is a case in point. An investigation by Akamai’s SIRT into a persistent DDoS campaign against MIT revealed that so far this year, MIT has seen more than 35 DDoS attempts on its systems. Attackers targeted multiple destination IPs within the MIT network during the campaigns, according to SIRT researchers.
“The reasons for the attacks are varied,” said Jose Arteaga, an engineer for Akamai’s SIRT. “In the MIT case, we really don’t know what prompted those attacks. It could be anything as simple as a student, no matter what age. It could be a student who doesn’t want to take a test that day — something silly like that can prompt an attack. The tools are fairly accessible and easy to use, so anybody could do it.”
Beegle said it’s difficult to “drill down” to isolate what the targets were in the MIT attacks. “There are so many variables, it’s hard to identify what specifically they could have been going after,” she said.
SIRT’s study on the MIT case found that a good portion of the campaigns used reflection-based attack vectors and that the reflection population was mostly concentrated in China. However, Arteaga suggested that the malicious actors against MIT could be disguising their locations. “The sources of attack do not necessarily indicate the threat actors’ actual location,” he said.
To deal with DDoS attacks, educational institutions should have an “internal playbook” in place and should review security procedures every quarter, Beegle said.
“Have a process in place, understand what the layers of the [network] stack are, and have a mitigation strategy,” she said. “They should be practicing for a security incident and how they’re going to react, and ensuring they have the resources. They should find out where the vulnerabilities are within their environment to ensure that they’ve either accepted the risk or have done something to try to minimize what that risk could be.”
“After an attack, it’s important to regroup, do an analysis, and determine what went right, what went wrong,” she added.
“It is a constant evolution as it relates to processes and procedures,” Beegle said. “You’re never going to get it 100 percent right, but if you can minimize the impact [of a DDoS attack] and educate your executives as to what potential impact or risk might be, you’re much better off to where you don’t have to publicly disclose it because the overall impact was either non-existent or it was minimized.”