The University of Zurich has become the latest in a long line of German-language institutions to be hit by a cyberattack in recent weeks. The university says it isn’t aware of any data being encrypted or extracted and IT services are continuing to operate as normal following the attack, which took the university’s website offline earlier today.
With more than 25,000 students and 3,700 staff, the University of Zurich is the largest in Switzerland with several campuses across the city. The university says it has strengthened its security measures, describing the attack as “extremely professional” and “serious” despite no clear damage being done so far.
University of Zurich cyberattack could cause ongoing disruption
The university has urged students and staff to change passwords, called in external support including the Zurich cantonal police, and isolated compromised accounts and systems to make it more difficult for the malware to spread.
While IT infrastructure seems largely unaffected by the attack so far, officials warned “individual or comprehensive restrictions of services for security reasons are to be expected at any time and possibly for extended periods” if the situation deteriorates.
This is the latest attack on a German-speaking institution, following several attacks on other universities and health bodies in recent weeks. This included the Vice Society ransomware group’s attack in November on the University of Duisburg-Essen.
Most recently there were ransomware attacks on the Harz University of Applied Sciences and the EUFH European University of Applied Sciences. No group has claimed responsibility for these attacks or the hit on the University of Zurich. It also isn’t clear if there is a reason behind the escalation in the number of attacks.
Growing cyber threat to universities
Attacks on higher education institutions are increasing around the world, including in the UK, where Jisc, the not-for-profit education IT service provider, recently issued new guidelines to improve security on its university network.
Measures it plans to use to reduce the risk of attack include blocking access from outside the UK to Remote Desktop Protocol (RDP) port 3389 on its Janet network. According to Jisc, RDP has been the route for at least half of the major ransomware incidents since 2020.
Inbound traffic from known and verified IP addresses will be allowed onto Janet, the network for universities and research institutions. Remote Desktop Protocol gives users access to physical devices when they are away from their computer, but it is often less secure and often requires only a simple username and password.
John Chapman, Jisc director of information security policy, said ransomware attacks on the education sector have ramped up globally over the past few years and the impact can be devastating. “Organisations can still opt out of restrictions to specific IP addresses if they wish to, but they must accept the greater risk of a serious cybersecurity incident.”
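The RDP restriction described above (block inbound port 3389 from outside the UK, admit known and verified sources, allow opt-outs for specific addresses) can be checked against inbound flow records. The Python below is an added example, not Jisc's code: the function names, the rule order, the documentation address ranges standing in for a UK geo-IP feed, and the reading of the opt-out as applying to destination addresses are all assumptions.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample data (documentation ranges), not real Janet or UK address space.
UK_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]       # stand-in for a UK geo-IP feed
VERIFIED_SOURCES = [ipaddress.ip_network("203.0.113.16/28")]  # known and verified remote IPs
OPTED_OUT_HOSTS = {ipaddress.ip_address("192.0.2.50")}        # destinations exempted by their owner


def decide(src, dst, dport):
    """Return (action, reason) for one inbound connection attempt."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != RDP_PORT:
        return "allow", "not RDP"
    if any(src_ip in net for net in VERIFIED_SOURCES):
        return "allow", "verified source"
    if any(src_ip in net for net in UK_PREFIXES):
        return "allow", "UK source"
    # Checked last so it is reported only when the opt-out is the sole reason.
    if dst_ip in OPTED_OUT_HOSTS:
        return "allow", "destination opted out"
    return "block", "RDP from outside UK"


def audit(flows):
    """Return (blocked flows, RDP flows admitted only because of an opt-out)."""
    blocked, exposed = [], []
    for src, dst, dport in flows:
        action, reason = decide(src, dst, dport)
        if action == "block":
            blocked.append((src, dst))
        elif reason == "destination opted out":
            exposed.append((src, dst))
    return blocked, exposed


# Constructed inbound flow records: (source, destination, destination port)
SAMPLE_FLOWS = [
    ("203.0.113.200", "192.0.2.10", 3389),  # unverified, non-UK source
    ("203.0.113.20", "192.0.2.10", 3389),   # verified source
    ("198.51.100.7", "192.0.2.10", 3389),   # UK source
    ("203.0.113.200", "192.0.2.50", 3389),  # opted-out destination
    ("203.0.113.200", "192.0.2.10", 443),   # not RDP
]

if __name__ == "__main__":
    blocked, exposed = audit(SAMPLE_FLOWS)
    print("blocked:", blocked)
    print("still exposed via opt-out:", exposed)
```

The second list is the one to review: it holds the RDP exposure that remains when an organisation opts an address out of the restriction.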