Network Outage from DDoS Cyberattack
Posted March 27, 2023, 1:48 PM
Updated March 27, 2023, 4:16 PM
[Update, March 27th at 4:00pm]
As of around 3:30pm, this issue has been resolved. The network and all systems are fully operational at this time, with the exception of one limitation that will remain in place – all traffic to our websites from Russia, where the attack originated, is still blocked. We are continuing to monitor the network traffic to ensure continued stability, and will reassess this block.
For clarity, none of our systems were compromised during this attack, and there has been no account or data breach. The attack was intended to disrupt service, and our firewall did the job it was set up to do - disallow any malicious access to our systems. Unfortunately, this meant blocking all traffic for a time, but it was a necessary response.
I also apologize for any redundant or confusing emails you may have received. These were received hours after they were initially sent, due to the delayed email delivery from this morning. You may find other emails reaching your inbox now that were sent hours earlier.
[Update, March 27th at 2:30pm]
We continue to experience a high volume of malicious traffic that is impacting our network and systems. We are still working with our vendors to effectively block the malicious traffic and enable legitimate traffic, and have made some progress, but there continues to be widespread impacts.
If you have class or other activities on campus today, please see below for what to expect, and plan accordingly.
This situation is continuously evolving, but here is what CCA users can currently anticipate:
- All Non-US connections are currently blocked
- All attempts to connect to any cca.edu website originating outside of the US are blocked
- All attempts from within the CCA network on campus to connect to any website hosted outside of the US are blocked
- All traffic on the CCA network is very slow.
- All cca.edu sites are reachable from both on and off campus, but can be very slow to respond.
- Cloud systems that do not rely on a cca.edu web address should be operating normally. This includes Zoom, Google Workspace, Workday and Salesforce.
- However, most of these systems require Single Sign-On, which may be slower than normal to respond. But once you are logged in, the service should work as usual.
- Systems that use a cca.edu web address will be slower than usual. This includes Moodle, Portal, Libraries, Papercut, Teamwork and cca.edu.
- Emails sent to/from cca.edu email addresses are delayed in sending, and may be marked as spam or dangerous. This is because our emails rely on verification of a cca.edu sender address, which has been impacted by the outage. Other Google apps (Drive, Calendar) should work as normal once you are logged in.
We apologize for any inconvenience, and will update the community on our progress later today.
[Original Message, March 27th at 11am]
We are currently experiencing a network outage on the CCA campus. During this time access to the wireless network as well as some web-hosted services may be interrupted. Many services that use a cca.edu domain are impacted, including Single Sign-On.
The current outage appears to be due to malicious activities on our firewall, a form of cyberattack known as “distributed denial of service” (or DDoS). These malicious attempts take up available network resources, causing slowdowns and outages.
We have blocked all suspicious IP addresses and will continue defending the firewall. Users may experience slow or interrupted service while we work to resolve the current issues, and we will continue to monitor firewall activity closely moving forward.
We understand the inconvenience this poses for students, staff, and faculty across the campus, and we thank you for your patience as we address this problem.
If you need technical assistance, please contact the CCA Help Desk, though please understand that due to the nature of the outage, response times may be longer than normal.