Rutgers University Suffers Sustained Cyber-Attacks

October 15, 2015//Ellen Neveux

Last Updated: May 30, 2018

An incident that underscores the continuing threat of cyber-attacks on the education industry recently occurred when a hacker disrupted service at Rutgers University—again.

First targeted on November 19, 2014, Rutgers suffered two more attacks in March, 2015 and a third attack last month on September 28, 2015. The attacks took the form of distributed denial of service (DDoS), a method where compromised, remotely-controlled computer systems are aimed at a single target. The targeted system slows dramatically, or shuts down.

After the earlier attacks, Rutgers retained two additional cybersecurity firms. Yet the attacks continue.

The high price of insecurity

DDoS attacks are costly in terms of revenue, sensitive data loss, and diminished brand reputation. After the first cyber-attacks, Rutgers increased its budget spend on cybersecurity to approximately $3 million, using the expense as a rationale to raise tuition by 2.3% in the 2015-16 school year. Students are currently protesting the tuition increase since the cybersecurity issues are not resolved.

A recent report on the prevalence of DDoS forays against North American companies notes:

  • More than 80% of companies attacked through DDoS are targeted on multiple occasions.
  • 26% of those victims report that DDoS attacks damage company reputation and customer trust.
  • More than 30% of responding businesses estimate they would lose approximately $100k per hour due to downtime from a DDoS attack.

As specialists in cybersecurity, our company works daily with enterprise IT to reduce risk, optimize access, and ensure compliance. In an earlier blog, we discussed the Target data breach in 2013, and the importance of assessing vendor risk to deter and prevent hackers.

In the Rutgers case, the responsible party is apparently pursuing a vendetta for an anonymous person who is unhappy with the university. Under the Twitter handle, “Exfocus,” the hacker who claims responsibility for the DDoS attacks brags of receiving $500 an hour to repeatedly disrupt services at Rutgers. Exfocus writes, “Public twitter is on clients request. The client hates the school for whatever reason. They told me to say generic things like that I hate the bus system and etc.”

With the most recent DDoS in late September, the cyber-attacks remain a costly, high-profile, problem for Rutgers.

Higher education or bigger target? University cyber-attacks on the rise

The attack on Rutgers is just one of many cyber assaults against U.S. universities. An April report released by Symantec notes that the top five sectors for cyber attack based on number of incidents include:

1. Healthcare
2. Retail
3. Education
4. Government and public sector
5. Financial

In May of this year, Penn State announced that hackers from China had access to the contents of computers in the engineering school for more than two years. In July, UCLA Health reported that hackers compromised the records of more than four million people. Also in July, the University of Connecticut announced its engineering department computers had been compromised earlier in the year by hackers based in China.

We help your IT department manage vendor risk and enterprise security

Universities and enterprises face worsening cyber security challenges every day. Whether you are in a regulated trade, finance, government, higher education, or other sector, you need a secure platform to reduce vendor risk and the danger of access by bad actors. SecureLink uses best practices to deliver secure solutions and a safe product platform.

Contact the SecureLink team to standardize remote support, manage third-party network access, and ensure compliance.

Subscribe to the SecureLink Blog.
close close