Education Sector: A Lucrative Target for Cyberattackers

Cyber disruptions across the education sector have become more common than ever. Over the past two months, the sector has been dealing with a barrage of vulnerability exploits, malware, DDoS, and phishing attacks.

Recent incidents

  • Fairfax County Public Schools, one of the largest school divisions in the U.S., was hit by a ransomware attack. The attack has been claimed by the Maze group, who leaked approximately 100MB of the stolen data as proof. 
  • The Hartford Public Schools district also got hit by ransomware that delayed school reopening. The attack knocked off various critical systems offline.

Some statistics your way

  • The most common threats faced by the education sector came from downloaders and adware, followed by trojans. 
  • Until June, 2,449 Zoom-related domains were registered, out of which 32 were found to be malicious. To date, Zoombombing is in full force. 
  • Most of the targeted academic institutions in the U.S. saw an average weekly increase of 30% in attacks during the past two months. At the same time, institutions in Europe saw an increase in attacks by 24%.

Why the sudden increase in attacks?

  • DDoS attacks have seen a massive hike, sometimes owing to students checking out dedicated tools available online for free. However, most of the attacks were deployed by hacktivists.
  • With the sudden shift of education to virtual environments, the threat profile has changed. The new normal requires new cyber policies and plans.
  • Digital classrooms are no different than other industries, at this point, since a multitude of threats have followed the flexible workspace. 
  • While many institutions have allocated resources to fend off cyberattacks, others fall short due to budgetary constraints. Consequently, vulnerable endpoints, at-risk connectivity, and phishing have contributed to the surge of remote access exposure. 

The bottom line

Experts state that these attacks will continue, mostly because a lot of schools lack the readiness to fight even a run-of-the-mill DDoS attack. Moreover, it is not only cybercriminals the sector needs to worry about but also, students who aim to obstruct the digital delivery of education.