This year, the number of DDoS and ransomware attacks targeting K-12 schools has increased tremendously, according to US security agencies.
Yesterday, the Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that the K-12 sector is at risk of cyberattacks. According to the agencies, the hackers are disrupting distance learning services, stealing data, and launching ransomware attacks.
The agencies have also warned that users should audit all systems when they see certain malware strains on their system.
CISA and the FBI have continued to receive reports from K-12 educational systems about ransomware and DDoS attacks on their systems, even as of last week.
The joint report from the FBI and CISA also noted that the threat actors see schools as a window of opportunity for ransomware attacks. This type of attack is expected to continue into next year, according to the report.
Among all the attacks launched on K-12 schools, ransomware attacks have been the most prevalent this year, the report revealed. This year, the attackers have used highly sophisticated and aggressive methods to get into their victims' systems, disrupt distance learning, and demand ransom.
Based on the data released by MS-ISAC, the beginning of the 2020 school year saw an increase in the number of reported ransomware attacks against K-12 schools.
However, the highest percentage of attacks was recorded in August and September, at the height of the COVID-19 pandemic. In August and September, there was a 57% increase in the percentage of attacks, compared with the 28% average increase for the previous months.
The rate is quite alarming, as threat actors take advantage of the increase in distance learning during the pandemic.
Emsisoft presented a similar report, in which the company revealed an increase in the number of ransomware attacks on the K-12 education sector in the third quarter of the year.
The report also noted the five most active ransomware groups targeting US K-12 schools this year. They include Sodinokibi/REvil, AKO, Nefilim, Maze, and Ryuk.
To make things worse, the five mentioned groups are ransomware gangs with “leak sites” where they expose data stolen in their attacks. Generally, when victims refuse to meet the ransom demand, the gangs dump the data on these leak sites for public viewing as punishment for not paying.
However, apart from the increased number of ransomware attacks on K-12 schools, the schools have faced other problems this year.
The FBI and CISA also noted that schools face the risk of everyday commodity malware attacks. Some of this malware made its way into the networks of K-12 organizations this year, and the rate is increasing as well.
According to the agencies, the malware variants affect not only educational institutions but other organizations too.
“These malware variants are purely opportunistic as they not only affect educational institutions but other organizations as well,” the agencies pointed out.
The everyday malware includes the Shlayer loader (macOS), Trojan (Windows), and Zeus (or Zloader).
The report also noted that some ransomware gangs are stealing data from compromised networks and threatening to release it if the victim refuses to pay.
With such threats, affected schools may be forced into paying the ransom due to the elevated urgency of the threat.
The FBI also cited the report provided by Emsisoft about the high percentage increase in the number of attacks on K-12 schools. It reported that about 1,233 schools were attacked last year. But just within the first quarter of this year, there were hacking attempts on 422 schools. The K-12 Cyber Incident Map also stated that about 867 ransomware incidents have been reported, but only a small fraction was ransomware.