Previously I wrote about how academic institutions are beginning to become targets for ransomware attacks and how the frequency was mounting.
As I sit here in my California mountain home watching the snow melt outside, I am thankful that, at least for now, the rain has stopped. California has been experiencing torrential rain and heavy snow lately, and I am thankful I foresaw the possibility of flooding after the first rain this year and took the time to prepare myself for the floodgates that were soon to open. Okay, I am going somewhere with this. Sit tight.
While browsing some of my favorite cybersecurity news sites, I was amazed to see how quickly the number of ransomware attacks at academic institutions has grown. An article in the Washington Examiner titled “Florida audit finds cybersecurity lacking in four of eight surveyed school districts” discusses how schools are lacking basic security controls and adequate authentication, but fails to discuss how they are identifying and addressing the basic vulnerabilities that are a leading cause of ransomware attacks on many networked systems globally.
The previous day, an article titled “San Benito School Officials Share Cyber Attack Details” went into detail about how cybercriminals stole Social Security numbers and banking information from the school’s networked systems and posted the information on the Dark Web.
Again, a few days earlier, an article titled “Suspected cyberattack keeps largest school district in Iowa closed for second day” goes on to report how “A suspected ransomware attack on Iowa's largest school district has closed schools for two days as technicians work to restore the computer system and protect data”.
Perhaps my favorite article of all, on the same day, was a Morning Brew story titled “Analysis of Vice Society finds that the hacking group times its attacks with school-year transitions”, which reports on hacking group Vice Society and says that “nearly 40% of the group’s attacks focus on the education sector, particularly in the US” and that “the gang lines up their assaults on educational systems based on the school year,” using various forms of commonly available ransomware.
The use of common ransomware is the crucial observation here. It's not that the criminals are using advanced methods to compromise the schools; they are using whatever is readily available and easy to use and launching it against many schools to see what sticks and where. Many of them are technically inept, following step-by-step manuals written by skilled ransomware developers, as they don't have the technical knowledge of how the ransomware works under the hood.
The criminals are very clever: they time their attacks to transitions when new students enter the system, to cause maximum disruption and help ensure they get paid more quickly. These ransomware attackers are getting more ruthless every day. It's business, and they optimize it for the highest profit.
Now I can assure you that there are more stories out there, but to see this level of reporting on academic cybersecurity issues in only 3 days indicates a growing system of storms. Academic institutions are very ripe targets, and there are many of them. They typically do not have big cybersecurity budgets and, because of this lack of budget, are unlikely to retain the best and brightest talent. If their staff are capable, the next employer may double their salary.
Having systems in place that identify the attack surface that education has to expose to the world in order to function, and that protect it against vulnerabilities, combined with simplified and secure authentication, will undoubtedly become more necessary as the threat continues to grow, especially since remote access is growing faster than administrators can secure school networks. At Arctic Security, we are determined to help them with the challenge. We have tailored solutions for both K12 and higher education.
The bottom line is that the word is spreading fast. Education and academia are a ripe and easy target, and unless resources are directed toward resolving some of these issues very quickly, there will be a lot of flooding to deal with.