Why do this: record cyber attacks hit universities
In the early days of the 2025 admission campaign, bot traffic on the websites of many Russian universities reached record levels - up to 50% of the total number of requests, with non—technical educational institutions among the leaders in bot activity. This traffic is dominated by parser bots, which are created by applicants to calculate their chances of admission. DDoS attacks were also staged — this year their number increased by 74% compared to the same period last year. About why applicants use bots and how universities maintain the efficiency of their resources is in the Izvestia article.
How do applicants attack universities
The record values of bot traffic were shown by the first days of the admission campaign, which started in Russian universities on June 20, cybersecurity companies told Izvestia. In total, this is up to 50% of the total volume, according to the Servicepipe computer security service.
—Applicants can create bots themselves in order to calculate their chances of admission more accurately," explained Anton Chemyakin, head of the company's analytical department. — They can apply to several universities, and in each of them — for several specialties. At the same time, during the admission period of the company, they pick up documents, change priorities, and the admission lists change several times a day.
According to him, in order to calculate the probability of getting into a budget for a particular educational institution, applicants are forced to constantly monitor changes in the lists on university websites.
— A bot comes to the rescue here, which constantly checks, that is, parses the cherished lists and tracks how they have changed by SNILS numbers: where the guys with a higher USE score sent the documents, how they changed priorities in choosing one direction or another, — the expert added.
Non—technical universities are among the leaders in terms of bot activity.
According to Anton Chemyakin, such bot-parsers used to be written by future students of technical universities, most often using the Python programming language for this purpose.
"But this year there has been an explosive growth of humanitarian parsers," he noted. — Applicants of humanities and natural sciences have begun to actively use AI to create parsing bots to monitor the list of applicants, and for this they do not need to know programming.
The activity was confirmed in the educational institutions themselves. In the early days of the 2025 admission campaign, Vitus Bering Kamchatka State University (KamSU) noted an increased level of bot traffic.
— This activity did not lead to disruptions in the operation of critical services for applicants. The submission of documents, personal accounts and information resources remained stable," said Oleg Gadetsky, Head of the Department for work with applicants at KamSU.
According to Timur Shumkov, director of the Information Technology Center at Kazan State Agrarian University, in the early days of the admission campaign, there was a significant increase in suspicious activity on their digital resources.
"According to our IT department, bot traffic accounted for about 35% of the total number of requests to the admissions office website and chat rooms, which became a serious challenge for the stable operation of the system," he said. — The main types of activity include attempts at mass registration, load attacks on servers, and attempts to collect unauthorized data about applicants.
The intensity of bot attacks in 2025 increased by about 40% compared to the same period last year, Timur Shumkov added. The difficulty of attacks has increased especially noticeably.
"If earlier we were faced mainly with simple DDoS attempts, now we are seeing more sophisticated methods using distributed networks and simulating the behavior of real users," he said.
However, not all universities report on bot activity.
"During the current admission campaign, no suspicious activity has been recorded on the website of the Moscow Art and Industrial Institute," Angelika Ergasheva, head of the Information Department at the Moscow Art Institute of Fine Arts, told Izvestia. — There were no serious incidents either.
And Moscow Poly reported that the volume of attacks and bot activity does not exceed the figures of last year.
Why are educational institutions being attacked
After the start of the admission company, a rapid increase in the number of DDoS attacks on universities was also recorded. According to analysts at StormWall, a company that provides information security services, from June 20 to June 30, 2025, the number of such attacks on higher education institutions increased by 74% compared to the same period last year. This is 162% higher compared to the period from May 20 to May 30 this year.
"Judging by the nature of the DDoS attacks, they were launched by non—professionals," says Ramil Khantimirov, CEO and co-founder of StormWall. — These could be applicants who were afraid of competition. In particular, to prevent other graduates with higher USE scores from submitting documents online on university websites. There is also a possibility that the attacks could be organized by competing educational institutions in the struggle for the best graduates.
He recalled that attacks on universities during the admissions campaign have been taking place for several years and were usually organized by applicants.
To launch the attacks, the hackers used free tools and inexpensive services that can be purchased online, as well as small botnets.
"The attack power range was from 10,000 to 20,000 requests per second," the company said. — The duration of the attacks was short, the incidents lasted about 5-10 minutes. But during the attacks, the digital platforms of educational institutions either malfunctioned or were paralyzed for some time.
The peak of problems with cyber attacks occurred in July 2022, when a powerful attack caused a daily downtime of the site, Oleg Gadetsky recalled. Since then, the situation has improved significantly: the years 2023-2025 are characterized by the absence of serious incidents.
"This year's background bot traffic is comparable to those of previous years, but thanks to the enhanced infrastructure, it does not have a disruptive effect," he noted.
However, many Russian universities pay insufficient attention to protection — it is rather weak or absent altogether, Ramil Khantimirov added. In such conditions, even unprofessional attacks with low power can seriously disrupt the information systems of educational institutions.
"The number of DDoS attacks on universities is growing every year," he said. — Inexpensive tools for launching attacks can be easily purchased on the Internet, and attackers use this opportunity. In our experience, attacks on universities can continue throughout the entire period of the admission campaign.
How universities protect resources
The summer months before the closing of the campaign are the hottest for universities, as the load on the Internet resources of educational institutions increases many times, said Ekaterina Kosareva, managing partner of the VMT Consult analytical agency. The load on the sites can "suspend" his work, and in this case no one will receive information.
"The problem was partially solved by the generation of pdf files, which is used, in particular, at the Bauman Moscow State Technical University, where it is allowed to apply for dozens of specialties," she said. — Not all bots have computing capabilities for instant decryption of data, and the load on the resources themselves is minimal.
According to Oleg Gadetsky, key security measures were implemented at KamSU in 2023-2024 during the deep modernization of IT systems.
— The university has switched to a fault-tolerant server cluster with data mirroring on two independent storage systems, he explained. — In case of an equipment failure, services are automatically restored to backup capacities within five to ten minutes. Daily backups to two separate servers guarantee data security.
The priority remains the uninterrupted operation of services for applicants in conditions of any workload, the expert emphasized.
IHPI regularly checks the code for vulnerabilities and fixes them, as well as analyzes traffic and blocks suspicious IP addresses.
— This approach helps the site to work stably even under high load, — said Angelika Ergasheva.
To protect the IT infrastructure during the admission campaign, a DDoS counteraction system has been set up, which protects websites and applications from bots and web attacks, the Moscow Polytechnic Institute added. In addition, the rules on firewalls have been updated to cut off suspicious connections and detect network anomalies.
"The transition to two—factor authorization has also been implemented for all users of the university's systems," they said. — These measures ensure the stable operation of digital services during the submission of documents. Applicants' personal accounts and information resources are working smoothly, which is crucial for conducting the admission campaign."
At the same time, according to Ekaterina Kosareva, applicants are not liable for the use of bots, since a single bot does not commit illegal actions, and the overload of Internet resources is solely related to the capabilities of servers and the hosting platform.
Переведено сервисом «Яндекс Переводчик»
