CISA: Hackers Increasingly Targeting K-12 Virtual Classes

U.S. cybersecurity officials are warning K-12 schools that hackers are increasingly targeting them. Here’s how campuses can mitigate these risks.

CISA: Hackers Increasingly Targeting K-12 Virtual Classes

U.S. cybersecurity officials are warning K-12 educators of an uptick in cyberattacks designed to exploit and disrupt distance learning during the COVID-19 pandemic.

As schools everywhere continue to rely on critical IT services to support distance learning via videoconferencing and collaboration tools, cybercriminals are taking notice.

Bad actors are targeting schools with ransomware, data theft and other attack methods, the FBI and Cybersecurity and Infrastructure Agency (CISA) said in a new advisory.

“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the alert says.

“These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.”

These attacks have not slowed, and cybercriminals are utilizing methods and tools typically used in attacks, according to officials.


The agencies, citing the Multi-state Information Sharing and Analysis Center, said 57% of ransomware incidents reported involved K-12 schools in August and September. That’s a rise from 28% from January through July.

The most common ransomware strains targeting education are Ryuk, Maze, Nefilim, AKO and Sodinokibi/REvil, according to the advisory.


Cybersecurity officials have also observed malware attacks on state, local, tribal and territorial educational institutions over the last year. Zeus is highlighted the most common type of malware hitting schools on Windows operating systems. Attackers use it to infect machines and send stolen information to command-and-control servers.

Meanwhile, Shlayer targets MacOS systems through malicious websites, hijacked domains and malicious advertising.

Phishing and social engineering

A frequent type of attack on the enterprise – phishing – is also becoming common in education, with cyber actors targeting students, parents, faculty, IT professionals and others involved in distance learning operations. These attacks masquerade as legitimate requests for information via email and trick users into revealing account credentials or other information.

Other attacks leverage fake domains that are similar to legitimate websites in an attempt to capture credentials.

Other disruptions mentioned in the advisory include DDoS attacks and videoconferencing hijacking.

To mitigate these attacks, the agencies recommend a long list of best practices and steps to take, like:

  • Patching out-of-date software
  • Regularly changing passwords
  • Using multi-factor authentication on all accounts
  • Setting security software to automatically update and conduct regular scans
  • Disabling unused remote access/RDP ports and monitoring logs
  • Implementing network segmentation
  • Training for students, teachers and other staff
  • Looking into a technology provider’s cybersecurity policies and practices before agreeing to a contract

This article originally ran in CS sister publication Zachary Comeau is TD’s web editor. 

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

2 responses to “CISA: Hackers Increasingly Targeting K-12 Virtual Classes”

  1. Dahua says:

    CCTV surveillance systems are excellent deterrents against incidents occurring during school hours, whether that is bullying, unauthorised access, or vandalism.

    Security cameras can help to keep student safety at the forefront and can be used to identify bottleneck areas on the school premises. Are there certain corridors that are densely packed during the start of the day or when classes let out for break times? Are there doors to external areas that become jammed with a large number of students using it as an entry/exit point? Could a better travel system be implemented, such as one-way travel, staggered break times for year groups or dedicated entry points for certain year groups?

  2. Preventing Anti-Social Behaviour
    Video surveillance
    Unfortunately, schools still regularly fall victim to vandalism and theft onsite, particularly over the weekends and holidays when the school is usually unmanned. CCTV systems that are focused on problem areas such as sports equipment sheds, cycle storage areas and any external outbuildings that lie away from the main building, act as a great deterrent against opportunistic thieves and vandals.
    CCTV camera price for school.
    Additionally, schools can be hot areas for anti-social behaviour from drug dealing and alcohol-related incidents through to being popular areas for rough sleepers and occasionally, trespassing traveller communities, who can be difficult to remove from the premises once they have set up camp.
    CCTV camera price
    Schools are often targeted by intruders during out of hours periods, such as weekends, nights, term holiday periods or other events that result in closures. Many premises have hi-tech or high value equipment on site which they need to protect as well as deter anti-social behaviour that can result in criminal damage, theft, vandalism and in some cases even arson.
    CCTV installation

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Conference promo