CISA and FBI warn of a spike in ransomware attacks targeting K-12 schools
The US Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), cautioned in a joint security alert issued on Thursday about intensified cyber threats targeting the US K-12 education sector, frequently leading to malware attacks, data theft, and the disruption of distance learning services.
“As of December 2020, the FBI, CISA, and MS-ISAC continue to receive reports from K-12 educational institutions about the disruption of distance learning efforts by cyber actors,” the alert reads.
“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” it added.
RANSOMWARE ATTACKS
Among all the attacks plaguing the K-12 sector (kindergarten through twelfth-grade schools), ransomware has been an especially aggressive threat this year, CISA and the FBI said.
Citing MS-ISAC data, the two agencies said that the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year.
They also said that 57% of ransomware incidents reported to the MS-ISAC in August and September involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July.
The findings are also consistent with Emsisoft's new survey, in which the firm noted a spike in ransomware attacks against the education sector in Q3 2020.
According to information obtained by the two organizations, Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil were the five most successful ransomware groups targeting US K-12 schools this year.
Perhaps worse, all five are ransomware operations known to run "leak sites," where data stolen from victims who don't pay is usually published, which raises the possibility of student data being released publicly.
Yet a spike in malware threats was not the only challenge faced this academic year by K-12 students. CISA and the FBI said that mundane commodity malware has also found its way onto the networks of US K-12 organizations.
“These malware variants are purely opportunistic as they not only affect educational institutions but other organizations as well,” the agencies said.
The Zeus (or Zloader) trojan (Windows) and the Shlayer loader (macOS) have topped the list of the most common malware infections seen on K-12 networks.
The presence of this malware should not be taken lightly, as these infections can turn into more significant intrusions at the drop of a hat and typically need to be handled promptly.
DDOS ATTACKS AND DELAYS TO VIDEO CONFERENCES
In addition to ransomware, which can lead IT staff to shut down networks to deal with infections, the two organizations have warned K-12 schools to take precautions against other types of cyber-attacks that can also cause disruptions, though more temporary ones.
These include DDoS attacks and delays to live video conferences.
DDoS attacks have lately been a favorite attack vector, used either to extort schools for monetary benefit or by the students themselves to get out of online classes, at a time when school IT networks have to operate at full capacity to keep school services up and running.
Earlier this year, both Check Point and Kaspersky noticed that DDoS attacks against the education sector have risen not only in the US but globally, as schools have moved their activities online.
As for delays to video calls, they have been a challenge for schools since March 2020 and have never gone away.
The warning issued by the two agencies provides a lengthy list of countermeasures that K-12 schools, and anyone else, can apply against the most prevalent risks the agencies have seen this year.
Satnam Narang, staff research engineer at Tenable, told ZDNet that some of these risks could be handled by a variety of simple cyber hygiene measures, such as patch management, ensuring compliance with robust password protection protocols, making frequent backups of virtual devices that are not accessible from the same network, and ensuring that systems are secured by endpoint and gateway protection tools.
Social engineering is still a viable instrument in the cybercriminal's toolkit, but routine security awareness training is another asset in the fight against these attacks, he said.