U.S. cybersecurity officials are warning K-12 educators of an uptick in cyberattacks designed to exploit and disrupt distance learning during the COVID-19 pandemic.
Bad actors are targeting schools with ransomware, data theft and other attack methods, the FBI and Cybersecurity and Infrastructure Agency (CISA) said in a new advisory.
“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the alert says.
“These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.”
These attacks have not slowed, and cybercriminals are utilizing methods and tools typically used in attacks, according to officials.
The agencies, citing the Multi-state Information Sharing and Analysis Center, said 57% of ransomware incidents reported involved K-12 schools in August and September. That’s a rise from 28% from January through July.
The most common ransomware strains targeting education are Ryuk, Maze, Nefilim, AKO and Sodinokibi/REvil, according to the advisory.
Cybersecurity officials have also observed malware attacks on state, local, tribal and territorial educational institutions over the last year. Zeus is highlighted the most common type of malware hitting schools on Windows operating systems. Attackers use it to infect machines and send stolen information to command-and-control servers.
Meanwhile, Shlayer targets MacOS systems through malicious websites, hijacked domains and malicious advertising.
Phishing and social engineering
A frequent type of attack on the enterprise – phishing – is also becoming common in education, with cyber actors targeting students, parents, faculty, IT professionals and others involved in distance learning operations. These attacks masquerade as legitimate requests for information via email and trick users into revealing account credentials or other information.
Other attacks leverage fake domains that are similar to legitimate websites in an attempt to capture credentials.
Other disruptions mentioned in the advisory include DDoS attacks and videoconferencing hijacking.
To mitigate these attacks, the agencies recommend a long list of best practices and steps to take, like:
- Patching out-of-date software
- Regularly changing passwords
- Using multi-factor authentication on all accounts
- Setting security software to automatically update and conduct regular scans
- Disabling unused remote access/RDP ports and monitoring logs
- Implementing network segmentation
- Training for students, teachers and other staff
- Looking into a technology provider’s cybersecurity policies and practices before agreeing to a contract