CISA: Hackers Increasingly Targeting K-12 Virtual Classes
U.S. cybersecurity officials are warning K-12 schools that hackers are increasingly targeting them. Here’s how campuses can mitigate these risks.
As schools everywhere continue to rely on critical IT services to support distance learning via videoconferencing and collaboration tools, cybercriminals are taking notice.
“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the alert says.
“These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.”
These attacks have not slowed, and cybercriminals are using methods and tools typically used in attacks, according to officials.
The agencies, citing the Multi-State Information Sharing and Analysis Center, said 57% of ransomware incidents reported in August and September involved K-12 schools. That's up from 28% from January through July.
The most common ransomware strains targeting education are Ryuk, Maze, Nefilim, AKO and Sodinokibi/REvil, according to the advisory.
Cybersecurity officials have also observed malware attacks on state, local, tribal and territorial educational institutions over the last year. Zeus is highlighted as the most common type of malware hitting schools on Windows operating systems. Attackers use it to infect machines and send stolen information to command-and-control servers.
Meanwhile, Shlayer targets macOS systems through malicious websites, hijacked domains and malicious advertising.
Phishing and social engineering
A frequent type of attack on the enterprise – phishing – is also becoming common in education, with cyber actors targeting students, parents, faculty, IT professionals and others involved in distance learning operations. These attacks masquerade as legitimate requests for information via email and trick users into revealing account credentials or other information.
Other attacks leverage fake domains that are similar to legitimate websites in an attempt to capture credentials.
Other disruptions mentioned in the advisory include DDoS attacks and videoconferencing hijacking.
To mitigate these attacks, the agencies recommend a long list of best practices and steps to take, like:
- Patching out-of-date software
- Regularly changing passwords
- Using multi-factor authentication on all accounts
- Setting security software to automatically update and conduct regular scans
- Disabling unused remote access/RDP ports and monitoring logs
- Implementing network segmentation
- Training for students, teachers and other staff
- Looking into a technology provider’s cybersecurity policies and practices before agreeing to a contract
This article originally ran in CS sister publication MyTechDecisions.com. Zachary Comeau is TD’s web editor.