University of British Columbia hit by brute force cyberattack
The University of British Columbia issued an alert on April 14 that a brute force cyberattack had been launched against the school's identity management infrastructure.
The attacks, from outside UBC, were targeting a vulnerability in the system that enabled direct remote access to PCs, servers, and mobile devices using Remote Desktop Protocol.
In response, the university shut down off-campus access to RDP. (Remote access remained possible through other non-RDP university networks.) A forensic analysis was being conducted to determine if any accounts had been hacked or not.
The school identified 1,300 systems using RDP on campus.
On April 15, the university issued a second statement as an investigation into and review of UBC identity management infrastructure issues continued.
Off-campus access to RDP continued to be shut off and will remain off until further notice.
Whether or not a global password reset is required is still being determined.
This type of attack has been experienced by other major institutions.