K-12 institutions have recently been prime targets for ransomware, malware, and distributed denial-of-service (DDoS) attacks. The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and Multi-State Information Sharing and Analysis Center (MS-ISAC) have warned K-12 institutions about potential increases in cyberattacks in 2021. One omen was the recent breach of the popular online children's gaming site Animal Jam. This attack compromised the privacy of the children and parents who accessed the site.
A joint report from the FBI, CISA, and MS-ISAC found that 57 percent of ransomware attacks targeted K-12 schools in August and September, compared to 28 percent in the first six months of 2020. You can learn more about recent ransomware attacks here.
Several types of cyberattacks target schools. Here are the most common:
DDoS attacks involve multiple compromised computer systems flooding a server, website, or other network resource, negatively impacting regular operations. Most schools are now operating with distance learning procedures, and DDoS-for-hire services are sold that even the least experienced hackers can easily use to cause serious disruptions. Reportedly, hackers now also disguise themselves as students to join online calls and conferences and broadcast inappropriate content, including violent and sexually charged messaging, to fellow attendees.
The most prevalent ransomware families targeting K-12 groups are REvil, Ryuk, Maze, AKO, and Nefilim. Although the Maze ransomware operators have shut down their operations, a new ransomware variant, Egregor, has emerged as a greater threat to educational institutions through its availability as a Ransomware-as-a-Service download via the dark web.
Malware has been one of the three key threats for K-12 institutions, especially the ZeuS, Agent Tesla, Cryptominers, and Shlayer variants. ZeuS steals information primarily from financial entities. Shlayer alone contributes to 39 percent of attacks on macOS devices, bypassing Apple's security by leveraging code-signing issues in macOS applications. Both Agent Tesla and Cryptominers focus on stealing information and performing illegal mining operations on victims' devices.
In addition to these prominent threats, authorities also warn about phishing and domain typosquatting, which confuse parents, students, and teachers and are often the first point of compromise.
There are key security precautions to combat unforeseen cyberthreats. Patching keeps systems updated, while fixing security misconfigurations and closing unnecessary ports block an attacker's malicious actions. However, these three strategies are just your first layer of defense. You need robust security to thwart sophisticated attacks. Following the government's joint security advisory will improve your distance learning security strategies now and help you prepare for the future. The joint advisory warns about the anticipated increase in cyberattacks targeting K-12 institutions in 2021. Being proactive means your organization will be ready!