A distributed denial-of-service (DDoS) attack on Infinite Campus,
an educational software provider that houses the parent portal for Oklahoma City
Public Schools, created access issues for those parents trying to connect
to the district's student information system.
While this was not the first
attack on Infinite Campus, district spokeswoman Beth Harrison told NewsOK that
the most recent attacks were greater than any it had previously
experienced in both volume and duration. "The latest series of attacks
began Monday, September 17, and included multiple customers and data centers.
Homeland Security is now involved and Infinite Campus has hired additional
security experts to assure all data is safe and to track down the attack
perpetrators."
In an announcement to
parents explaining the cause of the access issues, the Oklahoma City Public
Schools wrote, “Please note that NO student data was stolen or breached. This
attack just causes the service to be very slow or unresponsive. Many districts
across the country are impacted and authorities are investigating. We’ll
provide updates as soon as we have them. Thanks for your patience!”
The attack comes at the
beginning of a new school year, and while the motive is unclear at this point,
attackers often have myriad objectives when orchestrating these types of
attacks.
According to recent research from Corero Network Security, during
the first half of 2018 DDoS attacks increased 40% from Q2 2017 to Q2 2018.
“This highlights the increasing need for organizations that rely on high levels
of online availability to ensure they include the latest always-on, real-time,
automatic DDoS protection in their defenses,” said Sean Newman, director
product management, Corero Network
Security.
“The key point is that such a
critical service is able to be taken down by what is now a relatively
cheap-and-simple-to-launch attack vector. It’s good to see that a strong
emphasis is being placed on the privacy of any data being held, but that
doesn’t help with the disruption and inconvenience caused when such a vital
service is down for an extended period of time.”
Many online services are
delivered by third parties such as Infinite Campus, and when these service
providers are targeted with DDoS
or other attacks, their customers feel the impact. “The attack on Oklahoma
City’s student information system is just another example of just how many
services, which are increasingly provided online for reasons of cost,
efficiency and scalability, are delivered without adequate resiliency to
distributed denial-of-service
attacks,” said Newman.
No comments:
Post a Comment