‘Double extortion’: Cybercriminals are leaking data even after collecting ransom

In the wake of high-profile ransomware attacks against some of the largest school districts in the country, administrators are uncovering student and staff data on the dark web months later, regardless of whether a ransom was paid.

The 2022-23 school year was predicted to be a challenge for leaders in terms of cybersecurity. Following a massive ransomware attack against the second-largest school district in the country, Los Angeles Unified, in September, a joint cybersecurity advisory was released warning school districts that an increase in targeted ransomware attacks is expected. Now, experts are warning that even after a ransomware attack is seemingly resolved, leaders should still expect to find personal data belonging to their students and staff on the dark web. But why?

“It’s part of a tactic called double extortion,” says TJ Sayers, cyber threat intelligence manager at the Center for Internet Security. “Ransomware actors exfiltrate data and encrypt it, making it inaccessible without special decryption keys. Then, if the ransom isn’t paid, they not only withhold the key, they threaten to expose the stolen data online.”

But paying these criminals doesn’t always keep them from selling the data, he adds. Instead, they may wait several months after the incident and “blend the stolen data” with other information before leaking it on the dark web.

“This tactic enables these groups to obfuscate the practice and complicate efforts that seek to draw connections between a ransomware attack, victim payment and that data still making it onto the dark web for sale,” Sayers says.

Fuel to the fire

Recent reports have revealed that the education sector is now the number one target for cyberattacks. This mainly has to do with the fact that the pandemic produced a dramatic surge in technology use among students and staff, which opened more windows for criminals to creep into, Sayers explains.

“COVID-19 fueled the demand for at-home schooling capabilities, where availability and access initially triumphed over security,” he says. “More devices circulating among students, many of which are brought from school networks to home networks and back, give adversaries additional targets for cyber-enabled attacks.”

Additionally, leaders must assume that a student’s home network does not meet the same security standards as their school’s network, making it much easier for a threat actor to infiltrate while the student is away from school.

“Education should stay streamlined and simple, focusing on the common tactics used to target victims, such as phishing, and clear instructions to be suspicious of all online interactions,” he says. “Cybercriminals and online predators are masters at social engineering and are able to manipulate impressionable students easier than adults.”

Slowing the threat

Given this unprecedented rise in cyberattacks against K12 schools, what will it take to mitigate the risk? One of the best things tech leaders can do for their schools is to take a “whole-of-community approach” by getting involved with information-sharing networks, including the Multi-State Information Sharing and Analysis Center (MS-ISAC).

“The Center for Internet Security offers no-cost membership to MS-ISAC, and K12 schools are the largest membership subsector,” Sayers explains.

Leaders with access to this free resource can leverage a number of services and solutions, including:

  • K-12 Working Group: a diverse group of educational agencies, focused on understanding the issues, challenges, and concerns of school districts throughout the country with aims to improve overall K-12 cybersecurity posture.
  • Malicious Domain Blocking and Reporting: a highly effective, no-cost security solution that proactively blocks network requests from known harmful web domains, helping protect IT systems against threats like malware, phishing, and ransomware.
  • 24x7x365 Security Operations Center: provides real-time network monitoring and notification, early cyber threat warnings and advisories, and vulnerability identification and mitigation.
  • Cyber Threat Intelligence: maintains a curated, real-time, bi-directional indicator-sharing platform that tailors threat intelligence specifically for SLTTs.
  • Cyber Incident Response Team: conducts malware analysis, computer and network forensics, malicious code analysis and mitigation, and incident response.

Although the school year is just weeks away for most districts, there are several preventive measures leaders should be taking now to ensure the 2023-24 school year is as safe as possible. First, Sayers advocates spreading awareness to faculty, students and parents now about some of the most common tactics cybercriminals use, such as phishing. Tech leaders should also be prioritizing “quick win IT security items,” including access control, data encryption and easily implementable security solutions. But most of all, educate your students about the issue.

“If you suspect something isn’t normal, notify a trusted adult immediately.”

Micah Ward
Micah Ward is a District Administration staff writer. He recently earned his master’s degree in Journalism at the University of Alabama. He spent his time during graduate school working on his master’s thesis. He’s also a self-taught guitarist who loves playing folk-style music.