How Schools Become Targets
For all of our customers' networks that we monitor, including school districts, we are constantly seeing malicious bots scanning public-facing systems for vulnerabilities. Public-facing systems are any systems that can be accessed publicly through the internet. The malicious bots are built to report what is vulnerable or automatically exploit these systems, then hand control over to their commander.
No matter what entity you are, how big you are, or what data you have - if you have vulnerabilities, you instantly become a target for cybercriminals. You don’t have to be a Fortune 500 business to be targeted by cybercriminals.
Many schools are not prepared to adopt a modern cybersecurity model that mitigates complex, emerging threats. Pricey personnel and technologies are often needed to protect vital assets – and cash-strapped district budgets often have little room for such investments. With school districts typically lacking the capabilities of thwarting cyber threats, they are often considered “soft targets” by cybercriminals for multiple reasons.
1. School districts must do what is necessary to restore day-to-day services as quickly as possible after attacks. These organizations are thought to be more likely to pay ransoms or give cybercriminals what they want.
2. Your information is valuable. A child’s identity is extremely attractive to identity thieves because it is a clean slate. Thieves use a child’s Social Security number to obtain employment, government benefits, or credit without detection until the child is of age to obtain credit.
3. Cybercriminals realize that many school districts face budget shortfalls and have a wide range of other expenses that take priority over cybersecurity.
These and other factors combined to make school districts some of the most high-profile and high-value targets for cybercriminals. It’s essential that educational leaders understand key security risks and how to prioritize focus.
Three Major Types of Cybercrime Hitting School Districts
1. Ransom and Extortion
Ransomware is one of the most impactful and widespread threats today. Education has been the number one target of ransomware attacks over the past couple of years. Education accounted for almost 1/4 of all ransomware attacks in 2016 according to a threat report from Kaspersky Security Bulletin. Outpacing every other industry on the planet, it is no secret that ransomware is a threat to education.
In a ransomware attack, a target computer system is infected by encryption software that effectively scrambles files and renders them inaccessible to the system’s owner. Cybercriminals then offer victims a “key” to restore files, often while demanding thousands in ransom.
Over the last several years, the number of ransomware attacks has exploded – and so has the average ransom demand. Experts estimate that ransomware damage will cost $11.5 billion by 2019 compared to $325 million in 2015. Initially, victim compliance with ransom demands is believed to have spurred growth in the size of ransoms. For individuals, ransomware demands average around $1,000.
With more individual computer users refusing, however, hackers are targeting institutions that cannot function without data and are more likely to pay ransoms. In a recent case, Columbia Falls School District in Montana received an extortion letter from an overseas hacking group. Johnston Community School District, in Iowa, was harassed by affiliates from an extortion ring that sent parents death threats via text message. The ransom demand in the former case: $150,000.
The most common threat in the cybersecurity landscape is phishing, where users are presented with an email purporting to be from an authority like their superintendent, a government agency, bank, or supervisor. Clicking links in the email leads to infection with ransomware or other kinds of viruses.
Phishing campaigns often target average employees who have no specialized cybersecurity knowledge and who only use online technology incidentally in the course of their duties. For example, unsolicited emails with infected attachments are often sent to HR departments. Phishing attempts can result in personal data being stolen. This often leads to identity theft, potentially causing lifelong financial complications for the victims. What’s more, such attacks can sometimes go undetected for years.
Schools have been getting hit with W-2 scams like this one, that compromised private information of 7,700 employees of Manatee County Schools. All staff should know the common signs of phishing emails and utilize basic security practices. Training is essential. One of our partners has a nifty solution HERE.
3. Cryptomining Malware
In schools specifically, we have recently seen cryptomining malware becoming more common than ransomware by a large margin in a very short period of time. According to Checkpoint, the frenzy of cryptocurrency mining has caused a "frenzy" of this malware to hit the internet in droves. This malware isn't always as immediately detrimental to a school or business as other types of cyberattacks. Cryptomining malware slows networks down to a crawl and shortens the lifespan of computing systems. Though these attacks have become a big trend, they are currently very preventable in most cases.
What You Can Do
Basic best practices can sometimes mitigate the damage even if a cyberattack cannot be prevented. For example, producing regular backups of important files limits the impact of ransomware. Many threats are introduced into the network environment by simple human error while faculty, staff, and students use online resources.
With that in mind, basic tools like a Web content filter that can block known hazardous sites will significantly curb risk. User access controls should be simple and straightforward, ensuring network access is restricted depending on the types of users. Proper user authentication is a big process to have nailed down as well. Finally, all devices and software should follow a standardized update policy. Proper patching is one of the easiest ways to significantly reduce the chance of a cyberattack.
Ask your team if all of the basic best-practices above are accounted for is a great place to start. School district leadership can take steps to ensure the safety of the entire district. Do you need guidance getting started? Contact us for a free consultation!
A fairly inexpensive and extremely effective anti-ransomware solution from one of our partners can be found here.