In 1972, Alice Cooper sang a popular song: “School’s Out.” In 2020, school has literally been 'OUT for Covid.' The global pandemic has shut down many, many school systems around the world. This created a system of teaching virtually using a variety of online platforms. That turned the heads of black hat hackers, who in turn focused on attacking school systems, teachers, parents and students. Recently, there has been a significant increase in ransomware cyber-attacks on virtual classrooms. The coronavirus has changed the way schools operate and greatly increased the use of distance learning, which has brought about new cyber security challenges, and that is a huge understatement.
In the US, for example, authorities are warning school administrators, teachers and students/parents that cyber criminals and bad actors are looking to exploit online classrooms. In the UK, the National Cyber Security Centre (NCSC) has been investigating an increased number of ransomware attacks affecting education establishments in Britain, including schools, colleges and universities.
Ransomware is a variant of malware that prevents a user from accessing their systems, or the data held on them. Getting back to ‘normal’ requires you to pay a cybercriminal to get your system back. Most often the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.
The five most active ransomware groups targeting US K-12 schools this year have been Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil. Recently, there has been a trend for cybercriminals to also threaten to release sensitive data stolen from the network during the attack if their ransom is not paid. There are many high-profile cases where the cyber criminals have followed through with their threats by releasing sensitive data to the public, often via “name and shame” websites on the Dark Net. Red Sky Alliance actually helped investigate a major school system in the US, in the New England area.
In early December 2020, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that showed a nearly 30% increase in ransomware attacks against schools. “In August and September, 57% of ransomware incidents reported to the Multi-State Information Sharing and Analysis Center (MS-ISAC) involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July,” the alert stated.
Attacks on virtual classrooms vary in severity. In Athens, Texas, criminals blocked hundreds of files, and the school district paid a ransom this summer to unlock them. Another common incident, according to Ring, is “zoom-bombing,” a practice where hackers enter an online classroom and post or yell a racist or inflammatory slur. This tactic often creates an immediate response.
The move to distance learning at all levels has brought an increasing level of attacks because there is a high opportunity for disruption. Many such attacks are motivated by a desire both to steal information and to extort victims for financial gain. Some hackers just want to cause educational chaos.
Researchers have already noted earlier this year that DDoS attacks against the educational sector have increased not only in the US but internationally, as schools have moved their operations, in some instances totally, online. A combination of basic cyber hygiene measures can help address some of these threats: patch management, verifying compliance with strong password management policies, performing regular backups of essential systems that are not accessible from the same network, and ensuring that systems are protected with security software at the endpoint and gateway.
Law enforcement experts urge schools to work together with police authorities and, if something happens, to report it immediately to law enforcement. In Britain, the NCSC recommends that organizations implement a ‘defense in depth’ strategy to defend against malware and ransomware attacks.
Our cool tool, RedXray, can help with supporting network defenses and MSSPs in a proactive manner by identifying underground threats and vulnerabilities.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings: https://attendee.gotowebinar.com/register/3702558539639477516
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941