University of Zurich hacker attack raises sensitive questions – these are the points at stake

Is a notorious ransomware gang keeping the largest Swiss university in suspense? And why do the attacks continue? A renowned IT security expert makes a critical assessment.

Author: Daniel Schurter

How serious is the “cyber attack” at the University of Zurich (UZH) really? The information available so far paints an incomplete picture, as is often the case with ransomware attacks.

But is it really an action by Russian hackers? The “NZZ” spoke to a media official on Thursday, when the university made the attack public — and his answers raised new questions.

The university’s media office declined to provide detailed information on Friday at Watson’s request. The accompanying justification is striking:

“The UZH is in the middle of the defense against cyber attacks. We therefore ask for your understanding that for tactical reasons we are currently unable to provide detailed information about the cyber-attack or defense measures.”

watson asked renowned IT security expert Marc Ruef for a critical assessment; he explains why the case seems quite unusual.

Who is behind the “cyber attack”?

We do not know that.

In its statement, the university itself makes a connection with previous ransomware attacks.

“The authors appear to be acting very professionally and are part of a current spate of attacks against educational and health institutions. Only in the German-speaking area have there been several attacks on universities in recent weeks, forcing them to suspend their IT services for a longer period of time. The attacks are usually carried out by compromising several individual accounts and systems.”

This approach would be typical of the most dangerous ransomware gangs, which mostly operate from Russia.

The Vice Society group could be an option. It became known in Switzerland through the attack on the municipality of Rolle VD and the leak of sensitive data. And of all gangs, it launches the most attacks against educational institutions, be it primary schools or universities.

What are the DDoS attacks about?

A media official from the university spoke to the NZZ about attacks that had intensified “for a few days”. The hackers are also said to have probed the university network in various ways.

“Some of these were Distributed Denial of Service (DDoS) attacks – a concentrated multitude of attacks designed to bring down the system. Uni-IT managed to fend them off.”

Here, security expert Ruef reacts with surprise:

“That attackers both use destructive DDoS attacks and aspire to compromise [the victim’s IT networks] is very unusual. One business model has nothing to do with the other. Moreover, constructive attacks become difficult if the target environment is put under pressure at the same time.”

In addition, the extremely active ransomware gang Lockbit hinted last year that it could also use DDoS attacks in the future to further intimidate victims who do not want to pay. The US news site Bleeping Computer reported that the criminals would rely on triple extortion.

The FBI had previously warned that criminals could use server overload attacks as leverage to force victims to negotiate. And smaller, targeted DDoS attacks can be launched as a cover for installing malware (infiltration) or stealing data stealthily (exfiltration).

Why do all university members have to change their password?

After the cyber attack was made public on Thursday, the UZH website posted a request that made people sit up and take notice. The IT managers called for all passwords for the university systems to be changed.

“In order to protect the University of Zurich and their own individual data, all UZH members (students, employees, teachers) are hereby requested to immediately change their passwords for all accounts in Identity Management.”

The “Identity Management Service” is the central administration of all persons and accounts by the university’s IT service provider.

All employees and students have also been asked by e-mail to change their password.

Swiss IT security expert and former hacker Marc Ruef is critical of this move:

“The request to change the passwords only makes sense if it is clear that these credentials have been compromised. For example, because they were determined by a brute force attack, were intercepted while being entered, or were extracted from another leak.”

The security expert warns:

“If this is not the case, changing the passwords may even backfire, as the attackers could use this measure to steal the passwords.”

Why has VPN access changed?

The university’s IT specialists have also set up the login to the virtual private network (VPN) afresh, writes the NZZ. “In this way we have been able to prevent new entry opportunities,” said the media official.

By way of explanation: A VPN service establishes a secure connection that leads, for example, from the professor’s private PC via the Internet to the university network. All data flowing through this virtual “tunnel” is encrypted.

Security expert Marc Ruef says:

“The ‘reset of the VPN’ is only necessary if it cannot withstand the attacks or in the medium term. If you only take care of the improvement during an ongoing attack, it’s actually a sign that you haven’t taken the risks seriously until now.”

In the academic environment, openness and freedom are very important, Ruef notes. This “unfortunately clashes with the needs of cybersecurity”. Many institutions therefore deliberately ignored the subject.

It is not known whether this was the case at the University of Zurich. The information so far and the ongoing cyber attacks do not allow conclusions yet.

Is the situation under control?

According to the university’s statement, defenses were immediately reinforced and the attacks were countered “with internal resources and external support”.

However, the attacks continued on Friday.

IT security expert Ruef:

“It seems like you currently have to play a game of cat and mouse and manually deflect the attack attempts. This costs a lot of time, resources and money. An IT environment must be inherently robust so that it can defend against simple attack attempts without manual intervention. Otherwise it’s just not usable.”

On the university’s website, another message was posted on Friday afternoon under the topic “Support”, which shows that IT managers are under great pressure:

«There may currently be delays or errors when using various IT services. If you continue to have problems, please contact the IT department.»

The good news: so far (as of 5pm Friday afternoon) the IT infrastructure seems to be holding up. And the university’s website was also accessible.

How big is the damage?

There is no reliable information about this. Based on the available information, no all-clear can be given. On the contrary!

The university is concerned “about the security of research data and possible loss of information that could violate privacy protection”, the statement reads.

That is why those responsible at the university also brought in experts in the field of data protection, the cantonal police and other universities. A police spokesperson confirmed to srf.ch on Friday that an investigation is underway.

All other Swiss universities and other educational institutions should also be extra alert. If the attackers succeeded in hijacking user accounts, there is a threat of targeted phishing emails.

Sources

  • uzh.ch: Cyber ​​attack on the University of Zurich
  • nzz.ch: “It looks relatively serious”: a massive cyber attack hits the University of Zurich (subscription only)
  • srf.ch: Major cyber attack on the University of Zurich: the police are investigating

Source: Watson
