Common Cyber Attacks Against Remote Schools

New Threats of Cyber Attacks for Remote School

The 2020 “Back to School” season has arrived. However, unlike recent decades, or centuries for that matter, a majority of children across America will be attending their classes “digitally.” Dining room tables have become school desks for students, and living rooms are now classrooms for teachers. As a result of the COVID-19 pandemic, teachers are forced to live-stream lessons to their classes using their home networks. Students are also using various digital devices, provided by school districts, to complete their coursework. But are these remote learning devices and home networks vulnerable to hackers? Absolutely. Let’s look at some of the different ways remote learning and online schoolwork can fall victim to cyber attacks.

Ransomware

In 2019, before COVID-19, over 500 schools across the United States fell victim to ransomware attacks. Ransomware is a type of software that is often used by cybercriminals. Ransomware acts as a digital kidnapper holding data or devices hostage, using encryption, until a certain ransom, usually, money, is given to the hackers. Most often, hackers will promise the means of decryption once they have received payment. Recently, a wave of ransomware attacks took place throughout school districts in Louisiana, which prompted Governor John Bel Edwards to declare a state of emergency. Luckily, the governor’s actions enabled teams of government cybersecurity experts to respond to the attack before the commencement of the new school year. Other schools across the United States have not been as lucky. In June 2019, two Florida municipalities—Riviera Beach and Lake City—paid a combined total of $1.1 million to free their school district networks from ransomware. A ransomware attack can undoubtedly be disastrous and costly for school districts immersed in remote learning. A cyber attack can potentially cripple the entire school network used to stream lessons, disable learning devices, and compromise all personal information related to students and school staff until officials agree to pay the demanded ransom.

Phishing

Taking advantage of the COVID-19 pandemic or other current events, hackers can use phishing attacks as a method to steal sensitive personal information or any school-related data. Phishing cyber attacks generally use e-mails or malicious websites to solicit information. Disguised as some trustworthy entity, such as a school administrator, IT department, or government official, a hacker tricks a victim into providing the information needed to steal secure data or enter protected databases. In June 2020, using a phishing cyber attack against several higher education institutions such as Harvard and Stamford, hackers gained access to a list of e-mail addresses belonging to students and administrators. But you might ask yourself, what’s the big deal about a list of e-mail addresses being compromised? In addition to sending a racially-charged message to each e-mail address on the stolen list, a large percentage of the listed e-mail addresses were used to fraudulently apply for loan applications on behalf of the students impacted by this breach. According to the FBI, the use of e-mail phishing attacks has increased drastically, specifically targeting enterprises that have moved into remote operation due to the COVID-19 pandemic.

DDoS Attack

In the first week of the new school year, a Floridian student managed to completely dismantle the remote learning apparatus of Miami-Dade County Public Schools. Authorities charged a 16-year-old high school student using a string of distributed denial-of-service (DDoS) attacks, causing a county-wide disruption of access to virtual classrooms during the first week of remote learning. A DDoS attack generally prevents access to a website or prevents it from normally functioning using a technique to overload a web server. During a DDoS cyber attack, cybercriminals send a high amount of access requests to a web server causing it to crash due to the overwhelming web traffic. These attacks are simple to carry out and can take weeks to mitigate and restore the systems in question. The Miami Dade County Public School district struggled with accessing their online learning platforms for two days before education officials even became aware that their server fell victim to a DDoS attack.

How Safe is Your Remote Classroom from Cyber Attacks?

In these truly unprecedented times, COVID-19 has transformed the way we depend on technology. As varieties of cyber-attack incidents against schools make national headlines, it is clear that government officials lack cybersecurity budgets for their schools. Schools typically fail to educate their educators in simple strategies that may mitigate the cyber threats to their online classrooms. In a historic vote, Congress approved $31 billion for the education sector in an initial Coronavirus relief bill, which included grants for online learning and approximately $13 billion for elementary schools. How much of this $13 billion grant is going to cyber-security? The answer: $0. The Microsoft Security Intelligence website records report encounters between devices and malware according to the industry in the last 30 days. The business and professional service industry accounted for 9.43% of cyberattacks, while the retail goods industry reported 8.7%. Other industries, such as financial services, made up 5.85% of reported attacks, as 4.97% of attacks targeted the healthcare industry. Disturbingly, Microsoft Security Intelligence reports that a staggering 62% of reported cyber-attacks in the last 30 days have specifically targeted the education industry.

Although we have discussed some of the potential cyber threats against online classrooms in the wake of COVID-19, it is critical to understand that cybercriminals have a sophisticated cache of virtual weapons, which can incapacitate school technologies. Are teachers, parents, and students equipped with the tools to navigate cyber risks as schools operate remotely? As schools adapt to the “new normal,” it may be time for school districts to include cybersecurity countermeasures into the remote learning lesson plan. If you are curious about implementing these solutions into your school or business, contact us for your risk-free consultation.