IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Southeastern Louisiana University 'Likely' Suffered Cyber Attack

The university is still without network services after shutting them down last week due to a possible cyber attack, leaving students without access to study materials and forcing professors to reach out on Facebook.

Southeastern Louisiana University.jpg
Photo credit: Southeastern Louisiana University Facebook page
(TNS) — Southeastern Louisiana University is on its fifth day without its website, email or system for submitting assignments after a "potential incident" last week caused the university to shut down its network and bring in Louisiana State Police to investigate.

"Southeastern recently learned of a potential incident within its network, requiring the university to intentionally take the network offline as a preventative measure," the university said in a statement Monday afternoon. "Since then, the University is working to restore systems to normal operations as quickly and safely as possible."

University and State Police officials both said they couldn't offer additional information on the incident as the investigation continues. However, a local cybersecurity expert says that, from the information available, it appears to be "some type of cyber attack."

"They've got LSP involved, so there's probably some level of criminal activity," said Michael Richmond, the director of technology services for accounting and technology firm Postlethwaite & Netterville.

Southeastern's outages began Thursday evening, according to a university official, causing students and faculty to struggle completing coursework and conducting remote classes. Some professors took to Facebook to try to get in touch with students.

"I have been hearing a lot of concerns regarding assignments, tests and being able to study for classes, since we can't access our materials," said Baileigh Picou, Southeastern's student government president. "However, professors have been reaching out on Facebook expressing their willingness to work with all of us!"

Richmond said there isn't enough information publicly available to tell exactly what kind of attack Southeastern would be facing — whether that be someone accidentally falling for a phishing scam and causing a ransomware attack or some sort of intentional, targeted attack intended to gather specific information.

When it comes to ransomware and phishing scams, Richmond said, the attack is about gathering information valuable to the victim and holding it ransom until they're paid off, or selling that information off. In the case of a higher education institution, that information could be personal or financial student data.

Higher education has suffered from rising cyber attacks in recent years — the most common type being ransomware attacks, according to Forbes. These attacks cost universities an average of $112,000 in ransom payments, though experts say ransom demands can go into the millions.

Xavier University in New Orleans was hit by a cyber attack last November. The group responsible said it obtained personal data belonging to students and faculty, which it then leaked on the dark web. An email from the university sent to students and faculty after the incident said they'd notify those who might have had their data stolen.

"It can happen to anybody," Richmond said. "It's one of the things we see across higher ed, because the collaborative nature [of universities] and the services they provide is counterproductive from a security standpoint. It's very difficult to walk that fine line between the collaborative nature and cybersecurity."

LSU suffered internet problems throughout the day Monday as well. The university's IT department faulted a DNS issue, but said later that evening that "service had been restored."

However, the university said Tuesday morning that campus was again experiencing "sporadic connectivity."

LSU said in an email Tuesday afternoon the internet issues there were not the result of any ransomware attack, and that there was "no evidence at this time that anyone's personal information has been breached or exposed."

The email also said that the internet was now stable.

To protect against ransomware attacks, the federal cybersecurity & infrastructure security agency recommends everyone use caution when clicking on links or opening attachments in emails, checking website security before providing passwords, verifying email senders and using antivirus software.

©2023 The Advocate, Baton Rouge, La. Distributed by Tribune Content Agency, LLC.