Cyber incident shuts down Laurentian University's website, WiFi and email access

Northeastern Ontario's largest university says it's recovering from a cyber incidenton Sunday that shut down many of Laurentian'sinformation technology services, including access to email, on-campus WiFi and its website.

The Sudbury school launched a temporary website to update students, staff and faculty on the situation.

On Wednesday, it saidstaff contained the issue and werein the process of restoring services.

The update also said no personal credentials have been compromised.

Junior Williams, a cybersecurity consultant and professor at the Toronto School of Management, said universities are common targets for cyber criminals.

"There's valuable research that can be held, that can be used," Williams said.

"It can be sold, it can be ransomed, right? And then there's the personal information, personally identifiable information, for a large number of students and staff."

Williams said it's impossible to say with certainty what happened at Laurentian, but added there are three common attacks used against large organizations.

"The first thing that comes to mind is ransomware," he said.

That's when a group, often supported by a state actor, infiltrates an institution's defences and encrypts important data.

"They can then turn around and charge a ransom, alot of times in a cryptocurrency like Bitcoin," Williams said.

Williams said another possibility is there was a data breach at Laurentian.

The third possibility is a "distributed denial of service attack," in which the attacker floods a server with internet traffic to congest servicesand make them unusable.

"When we see distributed denial of service attacks, oftentimes institutions will essentially pull the plug to prevent the spread and to basically triage and see where it's coming from," Williams said.

He said cybersecurity needs to be taken seriously at all organizations, from top management on down, and althoughsome executives might balk at the price, the cost of fixing a problem can be much higher.

Past incident

In 2017, former Laurentian University student Spencer Brydges was able to access the personal information of professors and students.

Brydges said he hacked the university's systems to reveal vulnerabilities, butlater pleadedguilty to mischiefand served12 months of probationalong with 25 hours of community service.

He later completed his computer science degree at Laurentian and landed a job with a tech company in Toronto, where his work included testing online security systems.