Cyber Threat for K-12 Distance Learning Institutions

Cyber crime and cyber attacks have taken an unprecedented turn in recent years. Following a joint investigation, the FBI (Federal Bureau of Investigation), CISA (Cybersecurity and Infrastructure Security Agency), and MS-ISAC (Multi-State Information Sharing and Analysis Center) have warned of cyber attacks on K-12 institutions in the USA. K-12 institutions are increasingly targeted by cyber criminals for data theft, extortion, or disruption of ongoing activity. This trend has continued through the 2020-21 academic year. The three agencies consider DDoS (Distributed Denial of Service) attacks, ransomware, and malware delivery to be the main threats to K-12 educational institutions.

What is a K-12 Educational Institution? 

K-12 is the USA’s top-notch provider of online learning, curriculum, and support services for K-12 grades. Families and guardians use the K-12 online learning programs and curriculum through online public or private schools, through “hybrid” schools that combine the two, or independently by buying courses.

Ransomware attacks and threats against the education sector have increased since the start of this school year. Cyber criminals steal data and threaten to expose it unless the demanded ransom is paid. In August and September of this year, ransomware attacks involving K-12 schools surged to 57%, compared to only 28% between January and July. According to data gathered from both open-source and third-party incident reports, most ransomware attacks on K-12 institutions from January to September came from the Nefilim, AKO, Ryuk, Maze, and REvil ransomware families.

To disrupt the normal activity

The warnings from the FBI, MS-ISAC, and CISA also cover DDoS attacks that disrupt the general operations of the K-12 sector. They point to a considerable surge in attacks against academic institutions in mid-September. The three US agencies’ warnings show evidence of increasing attacks carried out through DDoS-for-hire services, whether the malicious cyber actor is experienced or not.

Disruptions are also caused by unauthorized users who join video classroom sessions to abuse students and teachers, post obscene material, and dox participants. These users get in through meeting links that have been exposed to the public or to outside users, or by tricking hosts into admitting them under the guise of student names.

Opportunistic attacks

Non-targeted attacks against the K-12 learning sector deliver multiple malware strains; the most common are ZeuS, Agent Tesla, Shlayer, NanoCore, and cryptocurrency miners. Shlayer malware poses as an Adobe Flash Player update. ZeuS is a long-standing Trojan that has been used as an information stealer, particularly for credit card details and banking and financial information. Agent Tesla and NanoCore are off-the-shelf data stealers and remote access tools, used for compromising business email.

Other risks and mitigations

Other risks highlighted by the agencies include social engineering, carried out via phishing and domain typo-squatting against students, parents, teachers, IT personnel, and other staff involved with distance learning.

Cyber criminals carry out such attacks to obtain personally identifiable data and login credentials, either by luring users to malicious websites or by delivering malware. Defenses against these attacks include applying software updates, using strong and unique passwords, enabling multifactor authentication, and disabling ports that are not needed.
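
The typo-squatting risk described above can be checked mechanically on links found in email or chat before they reach students and staff. The following Python is an added example, not part of the original article or the agencies' guidance; the trusted domains, function names and distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains a hypothetical school district really uses.
TRUSTED = {"springfield-schools.example", "classroom.example"}
# Common look-alike characters folded to one form; hyphens are dropped.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})

def skeleton(host):
    """Fold look-alike characters so 'sch00ls' and 'schools' compare equal."""
    return host.translate(FOLD).replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def classify(url, trusted=TRUSTED, max_dist=2):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    labels = host.split(".")
    # Check every suffix so a look-alike hidden behind a subdomain is caught.
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    for t in trusted:
        # Trusted name used as a prefix of some other registered domain.
        if host.startswith(t + ".") or "." + t + "." in host:
            return "lookalike"
        for s in suffixes:
            if skeleton(s) == skeleton(t) or osa_distance(s, t) <= max_dist:
                return "lookalike"
    return "unknown"
```

A "lookalike" result is a reason to quarantine or review the message, not proof of malice; short trusted names will produce more false positives at the same threshold.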
