Surge in School Cyberattacks Expected, Ransomware Leading Threat

The FBI has issued a warning that K-12 school cyberattacks could surge during the uptick in remote-learning due to the COVID-19 pandemic.

Hackers find school cyberattacks attractive for two important reasons. First, schools hold troves of sensitive student data and have minimal defense mechanisms. That makes them the low-hanging fruit of cyberattack targets. Second, short-staffed IT teams are likely making school cyberattacks easier.

School cyberattacks make the news regularly. For example, virtual classes at Selma, California, schools abruptly ended last Friday after malicious hackers targeted the school district with a ransomware attack. And cybercriminals are increasingly targeting North Carolina school districts.

To find out more about school cyberattacks, we spoke with Guy Propper, threat intelligence team leader at Deep Instinct.

Channel Futures: Why is remote learning prompting more school cyberattacks?

Guy Propper: The transformation to a hybrid learning environment or mostly digital learning environment will make schools more vulnerable and targeted in two ways.

Deep Instinct’s Guy Propper

They become more accessible and easier to compromise. With the sudden thrust from brick-and-mortar to virtual, VPN etc., outside access transformed from occasional use to mainstream. Since a lot of this access was from home networks and home machines, schools didn’t and don’t have any way of protecting those devices. This new attack pathway enables the attacker to silently access the network and cause vast amounts of damage before the school’s security team even notices. In the time that it takes for the ransomware to be detected, the damage to bottom lines could be worse and the recovery process even longer. This creates unparalleled opportunity for threat actors.

If a school’s network has been taken down due to a ransomware attack, in today’s circumstances it [means] that the school simply cannot function at all. That is intrinsically different than before COVID-19 where if a ransomware attack occurred, it may have caused a major disruption, but it didn’t inevitably mean that schools could not open and hold classes. And if you add to that the fact that governments have earmarked funds for school districts, this simply increases their exposure.

CF: What sort of damage can be inflicted by successful school cyberattacks?

GP: In the worst situation, a school could be forced to close its doors. However, the level of damage … is likely to be in line with the attacker’s objectives. Typically attackers have two main objectives when targeting schools.

The first is to gain access to the student information system, where the attacker’s goal is likely to acquire student data and perhaps change grades. Most students do not have established credit ratings, which makes their personal information especially valuable. The second target is the school’s network. By encrypting the entire network, schools can become completely nonfunctional. It’s this lack of focus and staffing that the threat actors are going to maximize.

In a ransomware attack, the damage is likely to be the high ransoms that schools will be coerced to pay. Attackers appear to be aware of the greater vulnerability that schools are in. And they aren’t hesitating to manipulate the situation to coerce schools to pay high ransom amounts to resume normalcy.

CF: What aren’t schools doing that they should be doing to protect themselves?

GP: First, backups of key systems need to be made [and] written in an encrypted format offsite.

Secondly, I cannot emphasize enough the importance of …