A government-funded agency in the UK suspects students and staff may be behind university cyberattacks rather than cybergangs and foreign powers.

The analysis examined the timing of 850 attacks in 2017 and 2018 and noticed a concentration of attacks targeting universities taking place during the school year and within working hours when students and staff were most likely to be present, according to the BBC.

Researchers noted that these were sustained attacks which aimed to disrupt networks and didn’t include phishing, ransomware or malware attempts.

Researchers even noted one case in which a pattern of attacks against a particular institution began at 9:00 am and finishing at noon before restarting again at 1:00 pm and continuing until about 3:00 pmor 4:00 pm leaving researchers to suspect the attacker took an hour break at lunchtime.

Researchers also noted a falloff in these attacks during the holidays when “the number of attacks decreases dramatically,” the report said.

Nick Murison, managing consultant at Synopsys, said campus staff and students should be educated as campus networks can feel like safe spaces for students to try their hands at hacking and attributed some of the activity to curiosity as opposed to intentional malice.

“Much like dealing with any other threat actor, it comes down to minimizing risk through keeping systems up to date, enforcing strong security controls for both internal and external systems, and enforcing principles of least privilege,” Murison said.

“You cannot simply rely on a strong external perimeter; you have to harden all systems in anticipation of attacks from both the outside and the inside.”