School districts across the country, already under a stress test from the COVID-19 pandemic, are increasingly facing cyberattacks by criminals exploiting their cybersecurity vulnerabilities.
“Unfortunately, in the context of U.S. K-12 public school districts, cybersecurity risks are now neither hypothetical, nor trivial,” said the authors of the State of K-12 Cybersecurity: 2020 Year in Review.
Schools Become Popular Target of Ransomware Attacks
That report found that after 116 total disclosed cyber incidents in the first six months of 2020, cybercriminals started targeting school districts during pandemic remote learning with a staggering 292 incidents reported in the final six months of the year.
“Whether as collateral for ransomware attacks or to sell on the dark web, cyber actors may seek to exploit the data-rich environment of student information in schools and education technology (edtech),” said the FBI.
While attacks on business targets, such as the Colonial Pipeline attack earlier this year, receive much of the publicity, the Joint Cybersecurity Advisory issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that more than half of all ransomware attacks (57 percent) reported in August and September 2020 were against K-12 schools, up from 28 percent of attacks in the first six months of the year.
“The emphasis on technology and cybersecurity has really ramped up in the last 10 years in the K-12 space. However, in the last five or six years, most school districts have made an extra effort to focus on cybersecurity. Things have definitely changed, and school districts are a huge target now,” Chris Langford, Director of Network, Infrastructure and Cybersecurity for Lewisville Independent School District (LISD) in Texas, told Security Info Watch. “Especially when you’re looking at ransomware. The school districts are a massive target for ransomware and extortion from the threat actors.”
Texas School Districts Under Cybersecurity Threats
The size of some Texas school districts, such as LISD, can make cybersecurity challenging.
LISD, for example, must safeguard the information of 50,000 students and 6,500 staff across 75 locations spread out over 120 square miles.
WFAA reported in November 2021 that “two dozen Texas school districts, many in North Texas, have been hacked in a wave that experts say will only get worse.”
The scope of the problem is likely much greater than publicly acknowledged, as many cyberattacks on school districts are not reported.
WFAA says that “over the summer, the Texas Education Agency released a list of more than 70 districts that reported cybersecurity breaches since 2019. However, when WFAA asked for an updated list in September, TEA denied the request.”
Among districts affected:
- Allen ISD: The school district alerted parents on September 23, 2021, that the district had experienced “network outages that impacted several systems, including Wi-Fi, printers and phones” due to a cybersecurity threat.
- Lancaster ISD: The school district was attacked in June 2021 with WFAA reporting that “hackers ultimately posted thousands of pages of Lancaster ISD’s stolen internal records, including personnel files containing Social Security numbers and other sensitive information.”
- Judson ISD: The school district was hacked in June 2021 with a ransomware attack crippling all the district’s electronic systems: phones, Wi-Fi, computers, fax machines, and even electronic badges for doors. The school district ended up paying $547,000 out of school funds to stop the hack, one of the largest ransoms paid by a school district on record.
The Types of Cyber Attacks on School Districts
The FBI breaks the cyberattacks on school districts into the following categories in the Joint Cybersecurity Advisory:
- Ransomware: The five most common ransomware variants identified in incidents targeting K-12 schools between January and September 2020—based on open source information as well as victim and third-party incident reports made to MS-ISAC—are Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil.
- Malware: ZeuS and Shlayer are among the most prevalent malware affecting K-12 schools. ZeuS is a Trojan with several variants that targets Microsoft Windows operating systems. Cyber actors use ZeuS to infect target machines and send stolen information to command-and-control servers. Shlayer is a Trojan downloader and dropper for MacOS malware. It is primarily distributed through malicious websites, hijacked domains, and malicious advertising posing as a fake Adobe Flash updater.
- Distributed Denial-of-Service (DDoS) Attacks: Cyber actors are causing disruptions to K-12 educational institutions—including third-party services supporting distance learning—with DDoS attacks, which temporarily limit or prevent users from conducting daily operations.
- Video Conference Disruptions: Numerous reports received by the FBI, CISA, and MS-ISAC since March 2020 indicate uninvited users have disrupted live video-conference classroom sessions. These disruptions have included verbally harassing students and teachers, displaying pornography and/or violent images, and doxing meeting attendees.
Mitigating Cyber Attacks on School Districts
School districts can help mitigate cyberattacks by training personnel on cybersecurity protocols.
The FBI says user best practices should include:
- Focus on awareness and training. Because end users are targeted, make employees and students aware of the threats—such as ransomware and phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
- Ensure employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.
- Monitor privacy settings and information available on social networking sites.
In Texas, cybersecurity training is mandated for school employees who have access to district computer systems or databases and who use a computer to perform at least 25 percent of required duties.
“The state of Texas has passed a law that every school district employee has to go through a cybersecurity training program that’s been certified by the State once a year. Our employees go through that plus the additional training that we do throughout the year and the simulated phishing tests,” said LISD’s Langford.
PS LIGHTWAVE provides high-speed, fiber Internet for public and private commercial entities in the Greater Houston and surrounding areas.