No, this was “a cybersecurity event” that ground school business to a halt.
District officials disclosed little about what happened, assuring parents in an email they “retained outside IT expert consultants who are working around the clock” to fix the problem.
“The incident discovered this past Sunday has disrupted access to several essential network systems crucial for daily operations,” officials wrote in an update to parents late Monday.
Schools and district offices reopened Tuesday. An investigation was underway “to determine the nature and scope of the occurrence.”
It’s an increasingly common — and costly — hazard faced by local governments, medical centers and small businesses across the U.S., experts warn.
Hacking, phishing and ransomware schemes have wrought havoc on networks at Garden State schools, town halls, hospitals and other organizations that house vast quantities of sensitive data, from patient charts and financial records to student disciplinary documents.
It’s a booming business for bad actors, many of them overseas, operating as part of criminal organizations or under the direction of hostile nations, said Michael Geraghty, New Jersey’s chief information security officer at the state Office of Homeland Security and Preparedness.
“They’re very well-resourced, and obviously, a school school system is not going to be any match for a nation state or transnational cybercrime organizations,” he said.
Geraghty declined to discuss the Freehold case, but said such attacks are on the rise across the U.S. and New Jersey officials are working to bolster defenses with the help of a $17 million federal grant.
“More and more individuals, businesses, governments and school systems are spending on technology in their daily lives and business,” he said. “As a result, the attack surface grows and the threat actors are taking advantage of it.”
The schemes and scams employed by these organizations vary, as do the ways they infiltrate local networks. They can hack a website. They can send employees emails impersonating their bosses or coworkers, getting them to click a link that implants malware.
Once inside, ransomware attackers take over entire network systems, holding them hostage.
Administrators are then put in an almost impossible position: Pay hefty sums to criminals from who-knows-where, risk being shut down or, worse, see their confidential data spread online.
The stakes can be much higher than a few days of missed classes or some leaked credit card numbers.
In November, two New Jersey hospitals began diverting emergency room patients to other medical centers after a ransomware attack left Ardent Health Services’ network offline for days. Tenafly Public Schools in 2022 even had to cancel some of their final exams after their network was crippled in a similar attack.
Confidential documents stolen from schools and published online by ransomware gangs around the U.S. have included student mental health records, files from sexual assault investigations and even suicide attempts, according to the Associated Press.
Whether targeting schools or hospitals, scammers will use “any leverage that they can find to get paid,” Geraghty said.
“If you’ve stolen patient information, you may start calling the patients and telling them that if the hospital doesn’t pay up, you’re going to release this information.”
In many cases, experts say, these organizations are vulnerable because they aren’t using the latest technology and security practices — but that’s changing, slowly.
Marc Pfeiffer, a senior fellow at the Bloustein Local Government Research Center at Rutgers University, said local governments are increasingly seeking out cyber insurance policies, which often require specific steps be taken to protect networks from intrusion.
“Any organization that has data as their lifeblood and is on the internet needs to take basic security precautions,” Pfeiffer said.
“There are many things organizations can do to protect themselves, including a robust training regimen of their employees to make sure they can identify spam and malware and not click on things,” he added. “But many technical solutions and actions can be expensive to buy and maintain. No one agency can do everything.”
Even in the best cases, it can also be difficult to bring the perpetrators to justice, Geraghty said.
“It’s great that law enforcement can track down some of these threat actors and the Department of Justice have indicted them,” he said. “But if they’re located in countries that harbor those criminals, like Iran and Russia, they’re never going to be arrested. So it’s really a challenge for law enforcement.
“It’s a global problem.”
The latest case, in Freehold, kept about 3,500 children across eight K-8 schools in Monmouth County out of the classroom on Monday. The exact nature of the cyber attack remains unclear.
District officials did not return messages seeking comment Monday. In their email to parents Sunday evening, a copy of which was viewed by NJ Advance Media, officials referenced “technical issues related to a cybersecurity incident in our network environment.”
A spokeswoman for the FBI’s Newark field office said the agency was “aware” of the incident but declined to comment further.
Geraghty, the state cyber official, said his organization’s Cybersecurity and Communications Integration Cell, known as NJCCIC, has been standing up a kind of “neighborhood watch” by serving as a clearinghouse for reports of attacks across the state.
Under a new law signed by Gov. Phil Murphy last year, state agencies and other organizations like schools now report cyber attacks directly to the homeland security office. By comparing notes, officials can figure out how to shore up defenses, he said.
Geraghty pointed to one example — many of these attacks, they’ve learned, happen on holidays and weekends.
“I say this across the board, most organizations do not have 24/7, cybersecurity monitoring services,” he said. “The bad guys know this, and you’re going to see ransomware gangs typically launching ransomware attacks during weekends where, you know, the IT team isn’t available.”
The state cybersecurity office can respond in a number ways, from directly managing an attack on a state office to offering advice and monitoring. It sends out alerts on known data breaches and other threats, which are also available on the office’s website.
“Whenever we see a vulnerability that’s being exploited in the wild, we’ll scan across New Jersey to see what New Jersey organizations may be at risk, and then we’ll notify them that they are vulnerable and what actions to take,” Geraghty said.
©2024 Advance Local Media LLC. Distributed by Tribune Content Agency, LLC.
