Cyber attack and potential disruption to IT services

Friday 19 May 2023

This notice is to inform you of potential disruptions to the University’s IT services from a ‘distributed denial of service’ (DDoS) cyber-attack that is targeting our IT infrastructure.

DDoS attacks flood a server with internet traffic that can overwhelm the system and prevent users accessing connected online services and sites. This has the potential to disrupt not only the University's main website but other essential IT services as well.

At this point, the risk of serious disruption is low. Our mitigations have meant we have experienced only very minor effects on service performance.

However, in the past 48 hours the severity of the cyber-attack has increased significantly, to the point where we are now seeing intermittent and short-lived disruptions to some of our IT services, including wifi connectivity and apps such as Teams. With this type of cyber-attack, there is always the potential for a rapid escalation in impacts, which is why we are bringing it to your attention now.

We are working closely with our service providers to respond to this attack, including preparing workarounds for essential services in the event of further escalation.

We will keep you fully informed of the developing situation as more information comes to hand. In the meantime, the Business Continuity Plan (BCP) processes have been activated to manage the local response in faculties and service divisions, should it be required. At this point, no action is required from anyone receiving this message.

If we do experience severe disruption to our normal communications channels (notably website, intranet and email) we will use the University’s social media channels such as Facebook and Twitter, and the UoA Alert and Kahu apps, for updates and further instructions.