Distance learning makes universities more vulnerable to cyberattack

Expert suggests universities take extra care to prevent attacks while students are learning from home.

TechRepublic’s Karen Roby spoke with Carlos Morales of VP and general manager of DDoS Security Services at NetScout Systems, which provides application and network performance management products, about security concerns with remote learning at universities. The following is an edited transcript of their conversation. 

Carlos Morales: We had a really interesting thing. We’ve been seeing distributed denial of service attacks (DDoS), against universities for years. But we had a particular incident recently where a university in the US was attacked, and they asked us to help forensically, or basically trace back, what the attack sources were, trying to figure out if it was a student, or if it was some type of malicious actor. And the thing that was very unusual about this was we were able to trace back the attack to another university in the same state, in fact. So it was a rival university that was actually generating the traffic.

SEE: COVID-19 workplace policy (TechRepublic Premium)

That’s a hugely unusual thing. Normally a lot of the attacks on educational institutes maybe are from either criminal elements, or students themselves who are looking to avoid tests or avoid things that are happening from the school front. But this one university to another really is something that is unusual by today’s standards.

It does kind of harken back to the beginning of DDoS, over 20 years ago, where actually on the beginnings of the internet, it was largely educational institutions and research institutions that would have communications between each other to facilitate the exchange of large files, research, etc. And in those days, one university would attack another university just to kind of prove that they could, and it was more of like a War Games that would happen between graduate students, or even professors in universities. Today, that’s become a lot more commercial. Things that are impacting universities are happening largely because of the fact that a university is teaching certain subjects or again because of the student populace wanting to avoid some aspect of their schooling, and so they perpetuate attacks. The whole concept of one university to another, therefore, it’s kind of unusual, and it was an interesting case.

Karen Roby: Right now, it seems most are either going fully online or maybe a hybrid-type setup. We’re talking about schools all around this country that are going to be operating in ways that are completely different than how they have in the past. When we talk about cybersecurity, knowing all of these universities are having to make this big of a change, what are your biggest concerns in terms of where they’re vulnerable? 

Carlos Morales: Well, I’ll start with an analogy maybe. There’s this concept called an attack surface, which basically means, this is the entirety of the area where you’re vulnerable to some type of threat. What we’ve basically seen over the last six months is the attack surface for universities to grow significantly. Again, the analogy I was talking about is, think about a boxer. A university used to be largely an on-campus thing. You did a lot of the registration, the bursar activities, all the payments, all that stuff over mail, and you went and attended classes in person, you took tests in person, wrote things down, gave it to a professor, and the grading happened, etc. There were things that were on computers, and certainly there were websites and maybe research and some other things, but it was fairly limited. In the case of, let’s say, a boxer, that means that all they have to do is protect a little part of their face, because that’s all that’s actually exposed to the other boxer.

SEE: Return to work: What the new normal will look like post-pandemic (free PDF) (TechRepublic)

What’s happened now is a whole bunch of things that used to be done in person are now done remotely. Start with teaching: Virtual classrooms require somebody to be on a Zoom or a WebEx or some type of Google Meet-type of platform, so that you’re able to convey the knowledge to multiple students at once that used to be physically in the same classroom as you. If there’s any disruption of that, that’s big, that’s a big attack surface. Call that the body of the boxer. When you register for classes, like my son is actually going into freshman year of college, and they did a registration for classes about a month ago. Most of the students, like 75% of the students registered in the first 15 minutes. That means there’s a frenzy of activity, going to a website, trying to get the right classes at the right schedule to fit your needs. All of that is online. Now that’s basically, let’s say the rest of the head, if you will, for the boxer to now go after. Testing is largely moved now online, that’s been happening over the course of the last two years, but now it’s actually accelerated. So, you think about all that, and you just get the entire torso.

Basically I think you get the idea. The boxer now has a whole bunch more things they need to protect. Same thing. The university has a whole lot more things that are critical to their ability to do business that they now need to protect. That’s really the net effect of what is the new virtual classroom. And even universities that are going live will have some aspect of virtual for students who can’t make it there, or people who get sick, with a pandemic or otherwise. The attack surface that the universities now have to contend with is multiple scales larger than what they had before.

Karen Roby: Whether we’re talking about a really large university or just a smaller school that may not have a large team of IT folks who are on top of things, what are some of the main things that you hope universities will keep in mind as we are making our way through really unprecedented times?

Carlos Morales: I think they need to invest in some of their IT and security infrastructure, as a starting point. I think the way that they allocate their budget has to be shaped around the way that, again, the attack surface and the move from physical to virtual has happened. There’s a lot more reliance on IT infrastructure, there’s a lot more reliance on applications. And this goes beyond just security. Security is somebody maliciously trying to get at some of these things. You still have availability of those platforms, reliability of those platforms, all of those things that are not necessarily security problems, but they’re IT problems. You want to make sure that the network underlying that goes to and from that, the internet access that you have, all of the systems and servers are well understood or redundant. You can survive things like a massive thundershower that knocks out a local transformer.

All of those things are things that maybe universities didn’t necessarily have to think about, because again, their reliance on that piece of technology was rather small and maybe not as impacting if it was to go out. Now it’s hugely impacting. I think that maybe reallocation of budget with more spend on IT and those kinds of things is an important consideration for universities.

Also see

20200724-netscout-karen.jpg20200724-netscout-karen.jpg

TechRepublic’s Karen Roby spoke with Carlos Morales of VP and general manager of DDoS Security Services at NetScout Systems, which provides application and network performance management products, about security concerns with remote learning at universities.

Image: Mackenzie Burke