Cybercriminals have increasingly shifted their attention to the education sector. As per Microsoft's report of global cyber threat activity, the education sector has been the most attacked industry with 63% of all cyber-attacks directed at the sector. This means two-thirds of all cybercriminals are targeting schools and universities.
A key reason for this is the kind of information about staff, students, and parents that is held on a school's IT systems. This information fetches a substantial amount of money on the dark web, making education institutions profitable targets.
Let's first understand what a cyber-attack is.
A cyber-attack is an attack launched from one or more computers against another computer or network of computers. It can maliciously deactivate computers, steal data, or use a compromised computer as a launch point to further aggravate the attack. The two aims of cyber-attacks are to either disable the system or gain illegal access to the target computer or network. There are different types of cyber-attacks based on their specific method and intention.
Here are some of the most common types of cyber-attack methods used by cybercriminal gangs around the world.
Phishing is a technique used to deceive a target into taking harmful action such as downloading malware disguised as an important document. A targeted phishing attack could be used to gain access to a user’s account that has important information (such as a member of the Senior Leadership Team) or a user with administrative privileges to the network.
Phishing is usually in the form of an email sent to either a list of users or targeted at a single user. The attacker would craft an email and disguise it to be seemingly normal, with malware attached that looks like it could be a normal document. The email could also include a link that goes to a website designed to look like a familiar website and trick the user into entering their credentials.
To prevent phishing attacks, the email system should have an effective filter and implement email authentication methods such as SPF, DKIM, and DMARC to filter potential spam. Users should also be trained to identify potential spam emails before clicking on any links or opening attached documents.
Ransomware encrypts the target files on the system so the user cannot access them. The attacker then demands payment to restore access to the files.
A ransomware attack usually happens when a user opens a malware file or link on a network-connected computer. The malware file has specific scripts to identify and encrypt the files in the target area. Ransomware could be used to encrypt a school's financial and contact data so that the school would not be able to access it.
To prevent ransomware attacks, it is good practice to have on-access scanning enabled on all user devices to scan for viruses before files are accessed. Firewalls should be enabled on host devices, and anti-virus software should be updated with the latest security patches.
A password attack is an attempt to gain access to systems by cracking the user's password. Once the user's password is cracked, the attacker can gain access to either confidential data or an administrative account, allowing access to all data or the ability to make significant changes to the network.
A targeted password attack usually involves the attacker finding out details about the user and then attempting to use that information to determine the correct password. Passwords that have been leaked or hacked from organisations are also sold on the dark web by criminal gangs. A good practice to follow is not using the same password twice.
The use of complex passwords with a mixture of words, numbers, and special characters is advised by cybersecurity experts. Another way of preventing password attacks is to enable multi-level authentication on systems that support it.
Brute force is an attempt to gain access to systems by trying different passwords to eventually guess the correct one. Similar to a password attack, the attacker could gain access to privileged user accounts.
Malware that is installed on the network with direct access to a system's login screen can be used to secretly attempt to guess a user's password.
One prevention tactic is to configure account lockout. Accounts should lock out if there are too many failed login attempts. Audit logs should also be configured and regularly reviewed by the system administrator for any abnormal use of accounts.
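The lockout rule and audit-log review described above can be replayed over login records to see which accounts a policy would lock. This is an added example, not part of the original article; the thresholds, account names and log events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune them to your own environment.
MAX_FAILURES = 5                   # failed logins allowed inside WINDOW
WINDOW = timedelta(minutes=10)     # sliding window for counting failures
LOCKOUT = timedelta(minutes=30)    # how long a locked account stays locked

def review(events):
    """Replay (timestamp, account, succeeded) events in time order.

    Returns (lockouts, rejected): lockouts lists (account, time locked);
    rejected lists (time, account) attempts refused while the account was locked.
    """
    recent = defaultdict(deque)    # account -> recent failure timestamps
    locked_until = {}
    lockouts, rejected = [], []
    for ts, user, ok in sorted(events):
        if ts < locked_until.get(user, datetime.min):
            rejected.append((ts, user))    # refused even if the password was right
            continue
        if ok:
            recent[user].clear()           # a good login resets the counter
            continue
        fails = recent[user]
        fails.append(ts)
        while ts - fails[0] > WINDOW:      # drop failures older than the window
            fails.popleft()
        if len(fails) >= MAX_FAILURES:
            locked_until[user] = ts + LOCKOUT
            lockouts.append((user, ts))
            fails.clear()
    return lockouts, rejected

# Constructed sample audit log: a rapid guessing burst, a user who mistyped
# twice, and slow failures spread over 45 minutes that never trip the window.
T0 = datetime(2024, 1, 15, 8, 0, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=20 * i), "bursar", False) for i in range(6)]
    + [(T0 + timedelta(minutes=5), "bursar", True)]
    + [(T0, "teacher1", False), (T0 + timedelta(minutes=1), "teacher1", False),
       (T0 + timedelta(minutes=2), "teacher1", True)]
    + [(T0 + timedelta(minutes=15 * i), "student7", False) for i in range(4)]
)

if __name__ == "__main__":
    lockouts, rejected = review(SAMPLE_EVENTS)
    for user, ts in lockouts:
        print(f"LOCKED {user} at {ts}")
    print(f"{len(rejected)} attempts refused while locked")
```

The slow failures against `student7` never reach the threshold inside the window, which is why the article's advice to review audit logs matters alongside lockout.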
Denial of Service (DDoS)
A denial of service attack sends so much traffic to a computer or network that its resources are overwhelmed and made unavailable to anyone. When affected by a denial of service attack, the school would be unable to access and use the affected systems.
An attacker compromises a computer or multiple computers using malware that instructs them to send traffic to a single target. In the case of multiple computers, it is called a distributed denial of service attack.
Systems should be built and configured around the concept of redundancy and the ability to fail-over to a secondary system if the first is unavailable. Systems should also be designed with the ability to deal with increased load over the average normal usage.
Cybercriminals use a variety of methods, based on their motive, to attack your school systems. Schools should have robust IT infrastructure and data protection policies to deter possible cyber-attacks. Following good data protection practices and methods will ensure that, if there is ever an attempted cyber-attack, the school's assets and intellectual property are secure. It will also ensure that downtime is minimal and the systems are restored as early as possible.
ABOUT THE AUTHOR:
Marcus is a Senior Technical Consultant at 9ine, responsible for the on-the-ground management of new build / refurbishment projects. He specialises in the application and configuration of technical systems and services within schools, including mobile device management (MDM) systems. He holds a bachelor's degree in computer network management and design.