Insights > Blog

Cyberattacks Against Schools​

In the old days, if a student wanted to delay a test, he might pull a fire alarm. Nowadays, a cyber attack is the weapon of choice. 

This post will look at why people attack school-related computer systems and what parents, teachers, and school systems can do about it.


Attack Motivations

People launch attacks on school systems for different reasons. The goal for cyber attacks is often financial gain. If a threat actor can install ransomware on a school system, hijacking sensitive data, then the school system might pay up. As schools opened for 2020-2021 school year, examples of ransomware and the related chaos abound. The Haywood School System was the victim of an attack. The perpetrators were demanding “an undisclosed amount of money.” A California school district is faced a similar dilemma. Given the sensitive nature of attacks and large number of school systems, it is possible many schools have not disclosed the trouble they are facing.

Outsiders with little interest in the schools at hand might seek to hack to sow chaos. Zoombombing is the term for uninvited people joining meeting session to share disturbing images and videos. Instances of this happened in the spring are continuing as schools open. At one school in North Carolina reported that an attendee was “yelling obscenities and making inappropriate gestures.” The attacks are often organized on message boards and the content can be jarring.

The final example, as mentioned above, is when a student with an interest in the school launches an attack. Hackers are often minors. The recent infamous Twitter takeover was launched by a 17-year old in Tampa, Florida. If a young person can socially engineer his way into one of the top social media companies in the world, imagine what havoc they could wreck on unsuspecting schools systems. The motivation might be to gain renown amongst peers or any number of unknown reasons.


Securing the Virtual Learning Software

Strategies for defending against a cyber attack directed towards your school’s virtual classroom will vary based on what platform is being used. Using a custom platform by a niche provider could bring risks. They might not have the capabilities to defend against a large DDoS attack. It is possible the security of the systems may not be robust. Miami Dade County paid over $15 million to bring their system into place and it was still brought down. Decision makers in the districts should take cybersecurity into consideration when choosing a platform.

For the teachers and parents, there is nothing that can be done if the software itself is under attack, other than adapt on-the-fly. Teachers might abandon the tailored virtual learning ecosystem altogether and use platforms that are designed for a the mass audience. Zoom, Google Hangouts and Microsoft Teams were popular first platforms that got adopted in spring of 2020 when the pandemic began. They have emerged as a fall-back solution when technical difficulties arise. It is important for teachers to secure these systems by requiring a password and not posting it in a public venue.


Stopping Attacks Against School IT Systems

The software that supports online learning is one piece of the pie. Other related components are the computers, email, and hardware used by teachers and others. These systems are also vulnerable to attack. The pandemic-induced virtual learning is making schools more vulnerable, as digital channels are used much more.

In ransomware attacks, the infection typically starts with a phishing email containing malware. The perpetrator might use intelligence to understand the school structure and imitate a superior to get a school employee to open a PDF or Word Doc with the payload. Instructing employees to not click links or open attachments from unknown sources is the cornerstone of stopping phishing attacks and the related damage that results.

School IT personnel should ensure that the computers in the school are patched and updated. They should consider banning remove able media like USB drives. Restricting administrator-level access is also important for school computers. Allowing anyone to download items increases the risk that these items will be malicious. The Readiness and Emergency Management System Technical Assistance center published a list of additional considerations to stop attacks.

Having the network of a school district monitored 24×7 by cybersecurity experts could be an option for larger districts. This can be accomplished by working with a Managed Security Service Provider (MSSP). Working with a trusted advisor to get the right defense software in place, configure it correctly and monitor the results to make actionable improvements is the ultimate level of cybersecurity protection. The cyber protection translates to the protection of education for the millions of students that rely on virtual learning.

What do you think about attack maps? Comment below with your feedback.


Submit a Comment

Your email address will not be published. Required fields are marked *


Information Security Maturity Self-Assessment Survey

Learn More

•  Whitepapers
•  E-books
•  Checklists
•  Self-Assessments
•  Webcasts
•  Infographics