CITY TRIBUNE
Hackers ‘extremely likely’ to attack as NUI Galway goes back online
The head of tech security at NUI Galway has said it is “extremely likely” the university will be targeted by hackers again when it begins to open up its IT systems to the internet over the coming days.
“It’s extremely likely even the same gang that attacked us, or friends of theirs, are likely to come in and have another go at us, so we have to have our security in a much better place than it was previously,” staff were told this week.
Many students are missing out on online classes and assignments, while staff have also raised complaints that, seven weeks on from the cyberattack, they still do not have access to wifi or servers within the university.
The college is continuing to work alongside KPMG’s Digital Forensics Incident Response Team, as well as Interpol and Gardaí – officials confirmed NUIG is always being “probed” by potential hackers looking for weaknesses in its IT systems.
Declan Staunton, Head of Research, Architecture and Strategy in the college’s ISS (Information Solutions and Services) Department told staff this week that internet connections are now being restored following the cyberattack in September.
He described it as “the most dangerous point” in the recovery of systems within NUIG because “communications pathways are being opened to the internet”.
The college shut down the majority of its IT infrastructure following the discovery of malware (malicious software used by hackers) – it has 6,000 PCs and 500 servers on its campus.
NUIG President Ciarán Ó hÓgartaigh admitted the college had been “knocked for six” by the attack.
The intended target of the attack within the college has been identified, and the source is continuing to be investigated by tech experts along with Gardaí and Interpol.
College officials have stressed that it was not a ransomware attack – where hackers encrypt data and demand ransom to release it – because no data was accessed.
Speaking to staff this week, Declan Staunton described it as “quite a chaotic time” within the college.
He explained that the college is in the final phase of recovery from the cyberattack in which internet connections will be restarted. In the coming days, the college hopes to have “80-90%” back online, but it will be “well into the New Year” before all servers are back.
“This is the most dangerous point of the recovery, because the communications pathways are being opened to the internet and it makes it very likely we’ll get attacked again. We know for certain we’re always being probed.
“It’s extremely likely even the same gang that attacked us, or friends of theirs, are likely to come in and have another go at us, so we have to have our security in a much better place than it was previously,” Mr Staunton told staff.
He said the college has enhanced its threat monitoring software and introduced additional monitoring in its data centres which feeds information constantly to an external company.
John Gill, Chief Operating Officer of NUIG, accepted the attack and the recovery process had been long and frustrating, but necessary to allow it to happen safely.
“The recovery process has been painstaking. Our view, as informed and advised by KPMG, was that the last thing you want to do is recover quickly and have the malware still evident or still present in your environment and allow it back into action.
“The decision was taken to shut down the university network to disable it from the internet – the purpose of that was to contain the attack and limit any potential damage the malware might cause.
“On hindsight, that decision was a very wise one, as it achieved containment and prevented the malware from communicating with external sources and encrypting our data, which was critically important,” Mr Gill said.
The university contacted other cyberattack victims, including the HSE, to learn from their experiences.
According to NUIG authorities, ‘wired’ access to the internet has been restored on teaching PCs, in PC suites and in the library.
However, staff and students have complained that wired access has still not been restored in many parts of the campus, and that they cannot connect to temporary wifi hotspots.