Cyberattacks against schools are on the rise

With the back-to-school season, schools and academic organizations are seeing an increase in cyberattacks, says Check Point Research.

This year’s back-to-school season is quite different than it has been in the past. With the coronavirus pandemic and resulting lockdown, many school systems are restricting teachers and students to remote access or offering some combination of classroom and virtual training.

However school is being conducted, cybercriminals are naturally taking notice of the season, which is why there’s been an increase in attacks against academic facilities as of late. A Tuesday blog post published by cyber threat intelligence provider Check Point Research looks at the rise in such attacks across the US, Europe, and Asia, and offers advice on how schools can better protect themselves.

Between July and August of 2020, the average number of weekly cyberattacks per educational facility in the US rose by 30% to 608 from 368 the prior two months, according to Check Point. The primary tactic used has been the distributed denial-of-service (DDoS) attack. In one recent example, a teenage hacker in Florida targeted the Miami-Dade school system with a series of DDoS attacks, disrupting online classes.


Also during July and August, cyberattacks increased against academic institutions in Europe. The number of weekly attacks per educational organization across the continent rose by 25% to 793 from 638 the prior couple of months. As one recent example, the UK’s Newcastle University was hit by a cyberattack that impacted its network and IT systems.

Asia has also seen an increase in attacks against schools. In this region, the average number of weekly attacks per educational facility in July and August rose by 21% to 1,598 from 1,322 the prior two months. Here, cybercriminals have specialized in three tactics: DDoS attacks, remote code execution, and information disclosure.

“The coronavirus pandemic has been a forcing function for not only remote work, but remote learning,” Omer Dembinsky, manager of data intelligence at Check Point, said in a press release. “Hackers are eyeing students returning to virtual classes as easy targets. These attacks can include malicious phishing emails, ‘Zoombombs,’ and even ransomware. I strongly urge students, parents, and institutions to be extra careful these next few months, as I believe the attack numbers and methods will only get worse.”

To help educational facilities combat cyberattacks, Check Point broke down a range of recommendations geared toward security professionals, schools, students, and parents.

Tips for security professionals

  1. Reduce attack surface. A common approach in information security is to reduce the attack surface. For endpoints, you need to take full control of peripherals, applications, network traffic, and your data. You need to encrypt data in motion, at rest, and when it’s in use. It is also important to make sure you enforce your corporate policies to achieve endpoint security compliance.
  2. Prevent before it runs. First block known attacks by using endpoint anti-malware and reputation, and then prevent unknown attacks. To thwart various exploits, use anti-exploit technology to prevent drive-by attacks and protect your applications. Finally, you can inhibit user mistakes by implementing zero-phishing technology that blocks phishing sites, prevents credential reuse, and detects compromised passwords.
  3. Use runtime protection. Anti-ransomware technology allows you to detect signs of ransomware and uncover running mutations of known and unknown malware families by using behavioral analysis and generic rules.
  4. Contain and remediate. Contain attacks and control damages by detecting and blocking command and control traffic and prevent the lateral movement of malware by isolating infected machines. You can then remediate and sterilize your environment by restoring encrypted files, quarantining files, killing processes, and sterilizing the full attack chain.
  5. Understand and respond. The final principle is that you must quickly triage events, understand the full nature of the attack, and immunize other surfaces by sharing Indicator of Compromise (IoC) and Indicator of Attack (IoA) information.

Tips for schools

  1. Get anti-virus software. Make sure your student laptops and other devices are protected by antivirus software that prevents them from accidentally downloading malware. Turn on automatic updates for that anti-virus software.
  2. Establish a strong online perimeter. Schools should establish strong boundary firewalls and internet gateways to protect networks from cyberattacks, unauthorized access, and malicious content.
  3. Check third-party providers thoroughly. Schools should ensure that they thoroughly vet all third-party platform providers.
  4. Monitor the system, constantly. Schools must monitor all of their systems continuously and analyze them for unusual activity that could indicate an attack.
  5. Invest in online cybersecurity education. Ensure that members of staff understand the risks. Conduct regular sessions for students so they are aware of the latest cybersecurity threats.

Tips for students

  1. Cover your webcam. Turn off or block cameras and microphones when class is not in session. Also, be sure that no personal information is in the camera view.
  2. Only click on links from trusted sources. When in the remote school collaboration platform, only click on links that are shared by the host or co-hosts, and only when directed to do so.
  3. Log in directly. Always be sure to log in directly to your school’s remote school portals. Do not rely on email links, and be aware of lookalike domains on public tools.
  4. Use strong passwords. Hackers often attempt to crack passwords, especially short and simple ones. Adding complexity to your password helps thwart those attempts.
  5. Never share confidential information. Students should not be asked to share confidential information via online tools. They should keep all personal information off cloud storage platforms.

Tips for parents

  1. Talk to your kids about phishing. Teach your children to never click on links in email messages before they first check with you.
  2. Call out cyberbullying. Explain to your children that hurtful comments or pranks delivered online are not OK. Tell them that they should immediately come to you if they experience or see someone else experience cyberbullying.
  3. Explain that devices should never go unattended. Your kids will need to understand that leaving a device where unwanted hands can reach it can be detrimental. Hackers can log into your devices and assume your child’s identity online.
  4. Set parental controls. Set the privacy and security settings on websites to your comfort level for information sharing.
  5. Increase awareness. Cybersecurity literacy is an important skill set, even for the youngest schoolchildren. Invest the time, money, and resources to make sure your child is aware of cybersecurity threats and precautions.
