The start of the school year – although children will return to classroom teaching, it is still not out of the question to return to remote teaching due to the announced fourth wave of the COVID-19 pandemic.
Zoombombing, phishing, malware, and identity theft are just some of the threats that students may face. – E-learning is not only an array of new development opportunities for students, but also an opportunity for cyber criminals. Last year, almost 900 attacks on schools per week were reported in Poland. It cannot be ruled out that there will be more and more cyber attacks on the education sector – warns ESET experts.
Are schools an easy target?
Last year, with the implementation of e-learning, many students became new users of the virtual world. This is an opportunity that cybercriminals have seized and will certainly continue to seize. Indeed, the influx of young and inexperienced users opens up new opportunities for cybercrime groups, which have also turned their attention towards schools, universities and other educational institutions. Last school year, an additional aspect that favored the hackers was, among others, the short preparation period for schools to implement the remote form of teaching. It was dictated by the rapid pace of implementing more restrictions related to the coronavirus pandemic. Many schools were not prepared for this and did not have adequate procedures and safeguards in place to protect against cyber attacks. Although many of the incidents turned out to be pranks or malicious acts by the students themselves, not intended to steal sensitive data, but just to hinder classrooms, the school’s cyber security specialists were not prepared. cyber security officials also noted attacks that not only disrupted or disorganized schools, but were geared toward stealing sensitive data in their possession.
– Attacks targeting schools can largely cripple the work of teachers and the course of instruction itself. At the beginning of the pandemic, one could hear about what is known as zoombombing, which is any activity of outsiders who hacked into ongoing video conferences. They published various kinds of content, including drastic and pornographic ones, so as to disrupt the lessons. However, it’s worth noting that some of the attacks had very serious consequences – says Kamil Sadkowski, ESET Senior Cyber Security Specialist.
Where does the threat come from?
It is rare for a school to be able to meet the demands of cybercriminals, who expect unimaginable amounts of ransom from victims following a successful ransomware attack. It may seem that such an attack simply does not pay off. However, schools are very much a collection of data and information that can be sold on the black market of the Internet. How does such data get stolen?
Cyber attack on a hospital – how can you defend yourself?
– One tool is malware, which is usually distributed via links or attachments. This type of software can steal, destroy or lock data on attacked devices. Cybercriminals also use phishing emails that may mimic school emails, e.g. regarding grades, parent meetings or filling out a survey for a supposed school trip. By filling out the fake questionnaire, an unaware parent or student may then provide their personal data that can be used for further fraudulent activities,” explains ESET expert.
Identity theft of students and teachers
Using ransomware uploaded to devices used for remote learning, cybercriminals are able to take control of the data on victims’ computers. Any activity of this nature has a huge impact beyond the classroom. Classroom disruptions, phishing emails, and identity theft greatly disrupt the learning experience and impact the lives of students, teachers, and parents. After all, schools remain some of the largest banks of personal information that can be used by attackers for various crimes. A good example is the cyber attack carried out in the United States in the Broward County School District in Florida. The malware-attacked institutions refused to pay a $40 million ransom, resulting in the leak of nearly 26,000 stolen files to the Internet, which consisted of personal information, insurance policies, as well as teachers’ opinions on their students.
– Data leakage for minors may seem pointless or harmless in our country, but in North American countries, cybercriminals have used data such as social security numbers to open credit accounts. In this situation, the student may not even be aware that their data has been used until they themselves reach the age of majority and apply for credit. Of course, in such attacks not only students but also school employees suffer – adds Kamil Sadkowski.