Irish universities continue to probe extent of cyberattack on Canvas learning platform

Irish universities were among thousands of schools internationally to be hit by a global cyberattack seeking to extort millions.

University College Cork, Munster Technological University, Trinity College Dublin, and University of Galway are some of the Irish establishments where learning tools went offline after the cyberattack breached Instructure, the company behind the learning management system Canvas, which many Irish colleges use.

Munster Technological University (MTU) said that it is continuing to engage with Instructure to understand the nature and extent of any potential impact on the university community.

“We are communicating directly with students and staff and advising them to remain vigilant, particularly in relation to suspicious emails, links or attachments.” 

ShinyHunters

Notorious cybercrime gang, the ShinyHunters, claimed responsibility for this extortion plot.

The hackers managed to exfiltrate a “ferocious volume of data” — some four terabytes — from universities globally, Ronan Murphy, CEO of Smartech 247, a Cork-based cybersecurity company, told the Irish Examiner.

Unlike many cybercrime groups, the ShinyHunters are not Russian, but from the West, Mr Murphy said.

“They're a gang of Westerners, which is a mixture of both Europe and North America. They’re commercially minded young people who are quite technically savvy.

“You could categorise it almost as organised cybercrime. They're quite successful. They've had a number of high-profile breaches like Ticketmaster and AT&T."

This latest cyber attack is “a very, very damaging breach for the educational sector,” Mr Murphy said. It is affecting Ireland, where many of the higher education institutions use Canvas.

It is also impacting the rest of Europe, where some 15% of universities and colleges use Canvas, he said. But the problem is most acute in North America, where Canvas has “by far and away the leading market share of the educational sector.” 

The ShinyHunters are probably demanding in the region of $10 to $15m from universities in exchange for not leaking their data, Mr Murphy said.

Private communications between staff and students have been infiltrated by the group. “There will be significant GDPR and privacy issues if this data is made public," Mr Murphy said.

The global cyber attack mostly struck the platform on Thursday night in Ireland, minimising interruption to staff and students. But it is not yet known whether — or how much — data held in Irish universities was compromised.

Instructure said in a recent statement that Canvas is fully operational again and is safe to use. The company said that core learning data was not compromised.

But the attack did involve unauthorised access to some data fields, including information like usernames, email addresses, course names, enrollment information and messages.

Impact on Irish institutions

UCC said that all systems were working normally again on Friday.

"At this time there is no evidence to indicate that data pertaining to UCC students or staff has been made available," a statement on Friday said.

"No other UCC systems have been affected, and we will continue to monitor the situation."

A spokesperson for the University of Galway said on Friday: “Services were restored following a relatively low level of disruption in the last 24 hours. We are continuing to liaise with the company affected to understand the full nature and extent of the breach.” 

Trinity College Dublin said that it has not been advised, nor is it aware, of any information relating to Trinity students or staff being shared on the internet as a result of the Canvas cyber incident.

"Trinity has not been approached for a ransom nor have we been notified that one has been paid," the statement said.

Queen’s University Belfast (QUB) was also hit by the cyberattack.

Canvas is an educational management system in which teachers post assignments, grade work, and communicate with students, while students submit their coursework through it, check their grades, and access course materials.

Educational institutions can be targets of cyber attacks because they hold valuable data for cyber criminals, including verified names, addresses, phone numbers, email addresses and potentially financial information.

This data can then be used for crimes like social engineering attacks, identity theft and other online crimes like phishing.