Education - The most common cyber-attacks on schools
Cyber-attacks have always been on the rise. However, over the last few months, remote learning and remote working have caused a surge in these attacks. This is because the necessary cyber security that is usually in place in schools, colleges, and universities was lacking at home. Many cybercriminals took advantage of the weaknesses in remote learning and remote working. Despite the fact everyone has returned to school, college, or university, cybercriminals are still attempting to find weaknesses in their systems. The most common cyber-attacks on schools can cause many, devastating consequences.
Over the past few months, we’ve noticed the most common cyber-attack on schools has been ransomware. Though other attacks such as phishing and DDoS have been used to create harm and disruption to school systems, ransomware has appeared in the news more often than others.
Ransomware will often result in a cybercriminal demanding ridiculous amounts of money. Once they have this money they will usually hand over the encryption key.
The fact this has become the most common cyber-attack on schools is worrying. This is because a cybercriminal will demand money from the education sector knowing they need that money to provide vital support for students learning.
However, it’s not surprising that these criminals are so heartless. Recently, it’s been reported in the news that they’ve been targeting big charities such as The Salvation Army.
Another common cyber-attack on schools is social engineering. At CapNet, we saw a rise in social engineering attacks on UK businesses and we have been focusing a lot of our time and resources on preventing phishing and spear phishing attacks on our customers.
Unlike other attacks, social engineering doesn’t rely on attacking your systems or servers, but instead, it preys on the kind or susceptible people within a school, company, or organisation. We have been creating educational content on our website blog posts, as well as sending out newsletters about phishing, and services we offer that can prevent it. We are also creating free videos, resources, and quizzes to educate teachers, students and parents on how to spot a phishing email, and how to report one.
These common cyber-attacks on schools don’t seem to be slowing down any time soon. The NCSC has ‘published an alert to education establishments warning of an increase in ransomware attacks.’
We thought it’d be useful to break down some of the common cyber-attacks on schools, how to prevent them, and the services we offer.
1. Ransomware:
Ransomware is currently the most common cyber-attack on schools the minute. Ransomware is when cybercriminals release malicious software on your device or server to obtain or encrypt sensitive data. Once they have done this they will hold it ransom and demand a ridiculous amount of money. If you pay the ransom, they will usually give you the encryption key so you can get the data back.
However, it’s not always guaranteed they will give you the encryption key back, but it’s more than likely that they will. Risks of not paying the ransom can result in encrypted data being sold to third parties across the dark web.
Cybercriminals have demanded ridiculous amounts from UK businesses in the past few months. Examples of this include Acer, British Airways, and Kia Motors.
Cybercriminals will often demand millions of pounds for the company to have the encryption key. When Acer was targeted, the hackers demanded they pay $ 50 million. Acer was able to negotiate a smaller fee, but it was still millions.
As of yet, there haven’t been any reports on how much cybercriminals are forcing individual schools to pay. However, ransomware being the most common threat to schools is concerning given how much they’ve demanded from companies and charity organisations in the past.
When it comes to stealing data, cybercriminals don’t pick their victims based on what the sector or organisation is… they pick them based on how easily they think they can get into their systems.
As more and more news articles are reporting clear weaknesses in the education’s infrastructure, it has opened schools up to more ransomware attacks.
Areas, where schools have been targeted, include Bedfordshire, Nottinghamshire, and Bristol.
Though the consequences and the severity of the attack have been different for each school, some of the impacts have resulted in servers and systems having to be shut down, coursework being destroyed, and schools having to close altogether and return to remote learning.
By not securing your systems or having a proactive and reactive IT department any school could be at risk of these brutal attacks.
At CapNet, we have a range of IT Support that can help to mitigate these common cyber threats to schools. We can conduct a pentest on your systems to find any weaknesses that will need patching up to prevent any cybercriminals from coming across them. We can also provide up-to-date software and antivirus for all devices or provide laptops with everything already installed in them.
2. DDoS (Distributed Denial of Service):
DDoS attacks are another common cyber-attack on schools. Though a DDoS won’t cause any harm to school data, it can cause a lot of disruption to their website and servers. This is a rare type of security threat but it has appeared in the news over the last few months.
A DDoS is where cybercriminals will send a large number of traffic requests to a website to overwhelm and crash the site. By overwhelming the website with fake traffic it will then start to refuse access to genuine users.
Think of it like when a well-known company such as Apple release a new tech product, or when Nike release new trainers. When thousands of people log into their site hoping to grab the limited number of new releases, the high volume of traffic can cause the website to crash. Have you ever logged into a website only to be greeted with an error page? Or asked to try again later? Or even for the website to lag and run slow, before kicking you out? This can be caused by an increase in users attempting to access the website at the same time.
However, the difference between the above example and a DDoS attack is that a DDoS attack is intended to be malicious, whereas a popular website being overwhelmed by traffic is simply because it’s popular.
DDoS attacks are designed to stop genuine users from visiting your site or using your servers. This will prevent customers from viewing or purchasing products and services. This can also stop your devices from being able to perform correctly and cause disruption.
It’s not known exactly why a cybercriminal would want to action a DDoS attack on the education sector, but schools based in Bradford have become the victims of numerous attacks on their servers.
This attack resulted in schools having no internet access which meant they couldn’t access online learning. On top of this, teachers couldn’t access vital emails which meant the schools had to close for safeguarding reasons.
3. Phishing:
Though ransomware seems to have taken the number one spot for the most common attack on schools this year, phishing has become the biggest threat to UK businesses. Schools are highly susceptible to phishing attacks and it can be simple for cybercriminals to use this technique to target the education sector.
Phishing is a form of social engineering and unlike other malicious attacks, it doesn’t require attacking devices and servers. Instead, it relies on human psychology. Someone who is hoping to implement this attack will disguise themselves as a trusted source. They will have you believe you are emailing, texting, or calling a genuine person who has every intention of helping you. Once they have you believe this persona, they will then trick you into handing over sensitive information.
For example, in the education sector, they might create a new account or hack an existing account of a teacher, IT department, or someone much higher up. They may ask for details such as your password, bank details, or information belonging to someone else. They will usually have done their research beforehand and will know how these departments typically communicate with you so that you’re more likely to believe it’s them.
Phishing can be extremely difficult to spot, and cybercriminals will often play on your trust and kindness. However, all teachers, staff, and students must know not to send any personal or sensitive information over email or text. Even if they are genuine users, you never know if their email may get hacked in the future, resulting in your details being viewed by an unwanted source.
They may also target a group of individuals. For example, they may get hold of parents’ emails and ask them to send over their most up-to-date bank details or personal information. So, everyone needs to work together and ensure they aren’t falling for these scams. If someone is unsure if an email, text, or call is a scam, they should be advised to contact the number of the person they usually deal with.
The consequences of an individual falling for a phishing attack can be devastating. By sending over sensitive information, it could be giving cyber criminals access to a wide range of information or allowing them to access devices or servers.
For example, if a teacher sent over their login-in details, they would have access to all their conversations and any other sensitive information that has been discussed in these emails.
As this has been one of the biggest threats we’ve been dealing with this year, we can offer many tips, advice, and services to reduce this attack. This includes our new spam filter, which will filter out potential phishing emails. We can also provide cyber security training to every department where we teach them about spotting, avoiding, and reporting scam emails. On top of this, we regularly post about ways to spot phishing and scam emails, as well as provide useful resources that can be shared with pupils in their IT lessons.
4. Password attack:
Lastly, another common cyber-attack on schools is password attacks. A password attack is when a cybercriminal gains access to genuine emails which is easy to do and then types out thousands of different password combinations within seconds to try and hack into the account.
Passwords they might guess include ones that have been successful in previous data breaches. They will also use generic and obvious passwords such as Password123, which is surprisingly still used by so many people.
If these methods fail, they might try crawling the social media platforms of the person they are trying to hack to find out everything they can about them. Most people will usually use memorable passwords such as their pet’s name, child’s name, or even the name of their street. These are typically things that someone will share on the likes of their Instagram or Facebook page. If you’re not using privacy settings, a cybercriminal can come across this information and begin guessing every possible password from the information on your social media.
If schools are using weak passwords and they are targeted through a password attack, it can result in cybercriminals gaining access to a wide range of accounts and information.
At CapNet, we always advise that every school put a password policy in place. This policy should be followed by all members of staff, students, and parents. We also have tips on how to create a strong password to ensure everyone is complying with the password policy.
Conclusion:
Though some cyber-attacks on schools can cause more damage than others, any threat will cause unnecessary issues and stress. When the pandemic caused everyone to work/learn remotely, cyber-attacks on schools increased dramatically. However, despite the fact most people have returned to face-to-face learning, the threats to the education sector aren’t showing any sign of slowing down.
Whether a school needs to shut down email accounts, servers, or the entire school itself, it is disrupting students learning as well as causing stress and disruption to teachers’ lessons.
We have a wide range of services that can help keep schools safe. If you have any enquiries about some of the services we have mentioned or if you wish to find out more about additional services or products, please give one of our friendly engineers a call today or complete our enquiry form and we’ll get in touch with you.