The global pandemic has obviously posed unprecedented challenges for today’s educational professionals. In addition to facing the health challenges that affect everyone, they’ve also wrestled with learning to master unfamiliar technologies and applications that enable remote learning programs for their students.
Unfortunately, cybercriminals are remarkably adept at exploiting weaknesses that arise from inadequate security protocols and/or inexperienced users. As a result, teachers and school administrators must now contend with an onslaught of cyberthreats focused on their evolving distance learning programs.
As reported in a December 2020 Joint Cybersecurity Advisory from the federal government, cybercriminals are “targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year.”
Coauthored by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the advisory goes on to caution, “These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.”
Ransomware Threats Growing More Frequent
Ransomware attacks on school computer systems have been able to slow—and in some cases, block completely—access to the basic computer functions needed for distance learning. Ransomware has also been used to steal confidential student data, which the criminals then threaten to make public unless the educational institution pays a ransom.
Unfortunately, the advisory notes that ransomware attacks against schools are on the rise: “According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year. In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July.”
Malware, DDoS Also Pose Significant Threat
The Joint Cybersecurity Advisory states that ZeuS and Shlayer are among the most prevalent malware affecting K-12 schools:
- ZeuS is a Trojan with several variants that targets Microsoft Windows operating systems. Cyber actors use ZeuS to infect target machines and send stolen information to command-and-control servers.
- Shlayer is a Trojan downloader and dropper for macOS malware. It is primarily distributed through malicious websites, hijacked domains, and malicious advertising posing as a fake Adobe Flash updater.
In addition, the advisory discusses how “Cyber actors are causing disruptions to K-12 educational institutions—including third-party services supporting distance learning—with distributed denial-of-service (DDoS) attacks, which temporarily limit or prevent users from conducting daily operations. The availability of DDoS-for-hire services provides opportunities for any motivated malicious cyber actor to conduct disruptive attacks regardless of experience level.”
Solution: Implement Full Range of Security Best Practices
The advisory goes into great detail explaining the many security best practices that K-12 schools should implement in order to maximize their protection. These security recommendations touch on a broad variety of topics, including:
- Networks
- User Awareness
- Ransomware
- Denial-of-Service
- Video-Conferencing
In terms of overall strategy, the advisory counsels that K-12 educational institutions should “review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by cyber actors.”
Download Complete Joint Cybersecurity Advisory
VIPRE strongly recommends that all K-12 school IT administrators download this highly informative federal government report. To get your copy of the complete advisory, simply click here.
About VIPRE
For over 25 years, VIPRE Security has been a leading provider of advanced security products purpose-built to protect every major attack vector from today’s most costly and malicious online threats.
Guest blog courtesy of VIPRE Security.