Education services provider draws fire from DDoS attacker
- By John Breeden II
- Oct 22, 2013
Schools and universities may not have the kind of protection against cyberattacks that large companies and government agencies use. Yet because of their visibility, they are often the targets of those types of assaults.
This became clear to OnCourse Systems for Education, which provides software services to K-12 schools, when it became the victim of three DDoS attacks this year, with each one timed to disrupt the school day.
The first attack happened on a Thursday morning at 8 a.m., just as the school day was starting. The attack was directed at the primary firewall and the outsourced data center. The OnCourse CTO and the data center’s IT staff determined that it was a UDP flood with malicious traffic coming primarily from Germany and the Netherlands.
“This was the first DDoS attack at OnCourse, and we never thought that we would be a target,” said Mark Yelcick, chief technology officer and partner at OnCourse, in a company statement. “There’s no money or assets to be gained by attacking an SaaS provider of K-12 educational systems. We felt that the firewall, intrusion protection and DDoS protection from our data center provider would be enough.”
Two other DDoS attacks followed. Although OnCourse had hired a third-party DDoS protection company, they were unable to stop the attacks. Ultimately, OnCourse brought in Prolexic, which has solutions tailored for the education market. The company engaged its emergency services, routing traffic through Prolexic’s 1.5 Tbps cloud-based DDoS mitigation platform and stopping the attacks.
Prolexic provides deep network analytics and DDoS attack forensics through PLXportal. The portal is a secure online resource that gives users a real-time view of what is happening on their network and on Prolexic’s DDoS mitigation infrastructure before, during and after a denial-of-service attack.
“Like many companies, we thought that we would not be a target of a DDoS attack,” said Yelcick. “We have learned that firewalls and intrusion protection systems are not enough to be completely protected against DDoS. We simply cannot afford downtime brought about by a DDoS attack.”
John Breeden II directs the GCN Lab.