What’s going on with these cyber attacks?
Large cyber attacks on University at Albany servers have students and officials scratching their heads — here’s what we know so far about these Distributed Denial of Service (DDoS) attacks.
There have been several attacks over the course of the semester, with the most recent crashing the university’s domain name servers over spring break.
DDoS attacks seek to slow down online resources like Blackboard by overloading them with traffic, eventually crashing the system so that normal users like students and faculty cannot access the site.
These attacks deploy what is known as a “botnet,” which is made up of a massive number of “bots,” computers infected with malware, controlled by one person or group of persons.
“In one incident we counted over 600,000 source IPs over a period of four seconds that were participating in the (March) attack. However, it’s also possible that some of the attacks are originating from a single system that is spoofing source IPs,” said Martin Manjak, Chief Information Security Officer.
The nature of DDoS attacks makes them hard to predict, with seemingly random patterns of incidents.
“It’s very difficult to predict with any degree of certainty what will happen. For example, a month transpired between the February and March incidents,” said Manjak.
Although the source of the attacks is difficult to pinpoint, as the bots are spread over almost a dozen countries, ITS has reason to suspect the attacks are orchestrated by the same body.
“We suspect it’s the same actor because they’ve used identical tactics, such as amplified and reflected attacks.”
UAlbany is not the only victim of such attacks according to ITS; Manjak said in a campus-wide email that at least two other SUNY schools were experiencing the problem.
However, Manjak said he was not at liberty to discuss the identity of those schools.
Going forward, Manjak is not one hundred percent certain that the attacks will continue, but nevertheless, ITS has changed some protocols and policy.
“The University has made a number of changes to network settings, as well as reached an agreement with an external service provider to assist with our mitigation efforts.”
The motives of the attack are almost impossible to discern, which makes it that much harder to identify who might be responsible.
If more of these attacks occur, according to computer science experts, it becomes easier to defend against them, as traffic from the bots can be blocked as the attack begins.