Northumbria University in Newcastle is suffering problems across its networks and IT systems after a cyber attack.
A letter sent out to students said the university had been experiencing an ongoing IT issue that caused “significant operational disruption” and it was found there had been “a cyber incident”.
Computer Weekly was unable to get through to the university as lines appeared to be down.
According to the Chronicle Live, the letter said the university had appointed a group of external specialists to investigate the incident and had taken “immediate action in order to mitigate the impact”. It said the university had also informed the Information Commissioner’s Office and Northumbria Police.
In the letter, deputy vice-chancellor Peter Francis said: “The investigation is still at an early stage and we are working to recover the university’s systems and services as safely as possible in order to minimise the impact on you all.
“We take the security of our system extremely seriously, and were able to respond quickly to this incident.”
Following the attack, student access to the campus had to be limited and exams were cancelled.
According to a National Cyber Security Centre (NCSC) report last year, UK universities hold a treasure trove of personal and research data, intellectual property and other data assets that make them a tempting target for attacks by cyber criminals and state-sponsored actors.
The NCSC said the fact that the academic sector is, by necessity, one of the most open, forward- and outward-looking sectors makes the task facing an attacker far easier. As a result, it is estimated that UK universities lost £145m from cyber crime in the first six months of 2018.
Kelvin Murray, senior threat research analyst at Webroot, said UK colleges are a constant target for malicious actors. “Business email compromise scams, ransomware, attacks such as DDoS [distributed denial of service] and research theft have all been factors in the wave of attacks we have seen over the last few years,” he said.
“To get to grips with cyber security, institutions need to engage cyber resilience plans to protect their IT infrastructure and data, regardless of the crisis. IT teams must properly audit all machines connected to their networks and the data they hold. Security awareness training should be implemented for staff and students from day one, ensuring that they are vigilant in scrutinising the types of emails they receive.
“This should be underpinned by cyber security technology such as email filtering, anti-virus protection and sensible password policies.”