Cyberattacks on K-12 Likely to Persist Through School Year

A little over a week after a school system in Baltimore was incapacitated by ransomware, federal agencies are warning that cyberattacks on educational entities are likely to continue throughout the school year. 

In terms of cybersecurity, the pandemic has been really terrible for schools. Universities were bludgeoned by hackers throughout the summer, with ongoing attempts by advanced persistent threat (APT) groups to steal COVID-19 research. Similarly, K-12 and public schools saw an increase in cyberattacks — a trend that apparently shows no signs of slowing down. 

"Cyberactors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations," reads a joint release from CISA, the FBI and the MS-ISAC.  

The attacks have come in a couple different categories, the agencies warn. They are: 

• Ransomware - Schools are being hit by several prominent strains of the malicious malware, including ZeuS, Shlayer and Agent Tesla, data shows. In addition to Baltimore, school systems in Alabama, Texas, Nevada and Ohio, among many others, have recently seen successful attacks. Lately, hackers have been observed exploiting exposed remote desktop protocols (RDP) to gain access to networks, before manually deploying ransomware, according to CISA. These attacks, which have persisted throughout the year, are likely to continue or even escalate, the agencies warn. 
   
• Denial of Service Attacks - DoS attacks have been observed disrupting K-12 education, most notably in their targeting of third-party vendors that support remote learning. Just recently, a 16-year-old was arrested in Miami-Dade, Fla., for conducting just such an attack on his own school network; the school system, which is the third largest in the U.S., was compromised, rendering its network's computers useless for the first three days of the school year. To avoid that, CISA recommends enrolling in some sort of DoS mitigation service which could help cut down on the likelihood of an attack.    
   
• Zoombombing - The ubiquity of "zoombombing" is by now overwhelming: Schools and companies across the country have been plagued by it. These attacks — that typically interject profanity (or, sometimes, pornography) into scheduled meetings — can be especially disruptive to online learning when it comes to younger children and K-12 education. Agencies suggest schools keep tabs on system updates for video conferencing applications, require passwords for session access and develop best practices for system security. 
   
• Attacks on Edtech - The pandemic forced schools to adopt remote learning applications en masse, with many school systems purchasing online learning suites like Google Classroom to assist with teaching. Yet hackers could "view the increased reliance on — and sharp usership growth in — these distance learning services and student data as lucrative targets," reads the alert. When partnering with third party vendors on edtech, schools should consider the company's security policies, ensure that it has an incident response plan and consider the provider's policies on student data collection, retention and deletion, among other things.   

Agencies also suggest that schools invest in additional security precautions, when possible. "Educational leadership, information technology personnel and security personnel will need to balance this risk when determining their cybersecurity investments," the recent release states.  

The CISA/FBI memo also lists some "best practices" for school systems to abide by, the full list of which can be viewed here.