The DDOS attack on IT provider SURF affected many education and research institutes in the Netherlands on Thursday. Photo Shutterstock Update Friday 17 January 10:30:
Another major ddos attack is happening today, causing network problems at WUR locations. At WUR, people may experience a slow or absent internet connection. People working from home are reporting issues with logging on to the WUR network.
Update Friday 17 January 12:30
According to SURF, the ddos attack has stopped again.
Cybercriminals appear to increasingly target educational institutes, with DDOS attacks on education and research institutes’ collective IT organisation SURF in the past few days. There is, however, no reason to suspect WUR was also affected, says IT director Victor Viveen. The DDOS attacks have ceased.
TU Eindhoven (TU/e) took its network offline last Monday after catching a hacker trying to penetrate the server. The university’s IT specialists took the servers offline to prevent data from being stolen or hijacked. The TU/e is currently reconnecting its network in stages.
University college magazine Bron reported on Wednesday afternoon that Fontys University College was affected. A DDOS attack on the education and research institutes’ joint IT organisation SURF was the reason behind this attack. During a DDOS attack, a large volume of internet traffic is directed towards a single point, causing the network to collapse. WiFi, phones and other devices were disconnected. By mid-afternoon, the impact had been stabilised, and services returned to normal.
The attacks do not appear to be linked. Nevertheless, all educational institutes are vigilant. Viveen: ‘There is a lot going on within the universities’ IT domain, but not everything is related. The information provided by Eindhoven helps other institutes check their security. We check the data and the route it has taken and investigate whether similar data is found at other institutes. We are collaborating intensively with SURF as well. We are currently on high alert. Our infrastructure is under continuous scrutiny; something could happen at any moment. There is currently no reason to suspect we have been affected.’
SURF impacted
SURF faced two attempts to disrupt ‘the network in the south of the country’ on Thursday morning, a spokesperson reports. ‘Last night, everything was finally restored to normal, but the attacks have begun again.’ Fontys University College reported issues, as did Maastricht University and the Máxima MC Hospital in Eindhoven.
On the grotestoring.nl website, SURF posts regular updates. In its post just before lunch on Thursday, it reports that ‘all institutes are currently facing slow or non-functioning internet connections.’ The attacks seemed to have stopped by the end of the day, and network speeds and stability returned to normal.
‘We expect the combination of measures we have taken in collaboration with our network partners will mitigate the impact of a next attack. Unfortunately, we cannot provide any guarantees,’ SURF states in Thursday afternoon’s update.
Hijacking software
Cyber attacks are a regular occurrence. Research financier NWO was attacked last August. Personal data of 530 thousand individuals were stolen from Hogeschool van Arnhem en Nijmegen in 2021. The most notorious attack was the one that affected Maastricht University, where all systems were hijacked in the 2019/2020 Christmas holiday. The university eventually paid the 200,000 euros in ransom money to prevent further damage to its education and research.
Source: HOP/Dominique Vrouwenvelder