Cyber Incident Victim: Edinburgh University (ed.ac.uk)
Date:
Sep 2018
Location:
United Kingdom
Summary
The University of Edinburgh experienced a significant cyber-attack during its enrollment period, resulting in prolonged website downtime indicative of a DDoS incident. The institution confirmed no data compromise, citing rapid defensive measures and collaboration with internet service providers, cybercrime investigators, and peer universities to mitigate the attack. A national education network provider noted similar targeting of multiple institutions during seasonal enrollment periods, highlighting a recurring threat pattern. Concurrent industry reports indicated rising DDoS attack frequencies, often characterized by brief durations but high recurrence rates among victims.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The University of Edinburgh experienced a significant cyber incident on or around September 12, 2018, coinciding with its Freshers' Week activities. The attack rendered the institution's primary website (ed.ac.uk) inaccessible for nearly 24 hours, with services still disrupted as of the following morning according to public reports. University representatives characterized the event as a major cyber-attack, though specific technical details about the attack vector were not disclosed. A spokesperson confirmed the implementation of "rigid measures" to protect IT infrastructure and data, asserting that institutional defenses responded promptly to contain the incident. The university explicitly stated no data compromise occurred during the breach. Service restoration efforts were ongoing at the time of reporting, with the extended downtime suggesting a severe operational impact consistent with large-scale DDoS attacks based on contemporaneous cybersecurity industry patterns.
Institutional response protocols included coordination with internet service providers and national cybercrime investigation units, alongside inter-university collaboration to develop future attack prevention strategies. Jisc, the non-profit operator of the UK's Janet Network for educational institutions, confirmed multiple universities were targeted during this period, noting a seasonal increase in DDoS attacks coinciding with student enrollment cycles. While emphasizing that individual members bear responsibility for protecting their own network infrastructure, Jisc acknowledged providing DDoS threat intelligence and mitigation guidance to affected organizations. The incident occurred despite Edinburgh's status as one of 14 government-designated Academic Centres of Excellence in Cyber Security Research, recognized under the National Cyber Security Strategy. This attack aligned with broader 2018 trends reported by Corero Networks, which documented a 40% year-over-year increase in DDoS incidents during the first half of the year, with most attacks lasting under ten minutes and utilizing less than 5Gbps bandwidth, though recurrent attacks affected 20% of victims within 24 hours of initial compromise.