IT Security: Large-scale Cyberattack Successfully Repelled
17 December 2025
Defense mechanisms still necessary until early next year
A large-scale cyberattack on Heidelberg University was planned with the aim of shutting down all of the university’s IT services. The attack was detected and repelled in time. Directly after discovering the preparations for it, which were already far advanced, the University Computing Centre (URZ) activated protective measures across the university to ward off further damage.
Besides changing all passwords, the package of measures involves, in particular, shifting various digital services to protected areas. The URZ reports that the instruments used, which were established in agreement with the state authorities involved, have already proved effective and appropriate during implementation. Thanks to these measures it has been possible to safeguard the basic operations and operability of the university.
Currently a crisis management team at the University Computing Centre is working closely on continued defense mechanisms with the relevant state authorities, particularly the Baden-Württemberg State Criminal Police Office under the direction of the Karlsruhe Public Prosecutor’s Office. The Baden-Württemberg State Office for the Protection of the Constitution, the Baden-Württemberg Cybersecurity Agency (CSBW), the State Data Protection Commissioner and the bwInfoSec federation – an association of the state’s public higher education institutes and universities in the area of information security – have also been brought into these procedures and into uncovering the underlying reasons.
It is foreseeable that some of the central digital services, such as the university email service, will continue to be available only in the university network or via VPN. These security measures must apply until the beginning of next year at least. The IT services and decentralized websites under the responsibility of the faculties, institutes and facilities will, after thorough security checks, be released gradually for direct access from the internet. These checks will not just be technical in nature but also aim to make the internal responsibilities transparent. The URZ assumes that dealing with complex situations will take longer.
The University Computing Centre asks all departments in the university to report, via their respective IT officer, any functional restrictions in IT service accessibility that have not yet been reported. In order to support members of the university with problems, the University Computing Centre has expanded its support offering. The IT Service is also accessible to users during the Christmas holidays on workdays from 9am to 1pm via the ticket system or video call.
One of the central consequences of the planned cyberattack will be to further raise the university’s digital resilience. Hence the current incidents will be worked through in the coming months with the purpose of deriving actions for the medium to long term.