The ABCs of understanding cyberattacks against schools

Schools have become a common target for network attacks

by Dennis Pierce

Educational institutions have become the second most common target for network attacks, according to Trend Micro—and it’s easy to understand why: Schools serve a young, diverse, population who are connecting to the network from a wide mix of device types.

“Schools have a lot of entry points to their network,” said Terry Hect, director of security services—government for AT&T. “Students and faculty might be accessing the network with their own personal devices, for instance. There are many different vectors into the network that school IT staff might not be looking at.”

Schools and colleges must prepare for many different kinds of network attacks, but three of the most common are:

1. Distributed Denial of Service

A DDoS attack occurs when a hacker takes control of thousands of computers and aims them at a single server, overwhelming that network with traffic and ultimately knocking it offline.

DDoS attacks are fairly common. According to the AT&T Cybersecurity Insights “The CEO’s Guide to Cyberbreach Response,” AT&T logged more than 245,000 DDoS alerts across its global network in one recent 12-month period.

Schools have become increasingly popular targets as well. For instance, Rutgers University had to deal with a series of expensive DDoS attacks that crippled its network services.

2. Ransomware

This is a type of malware designed to block access to a computer system until a sum of money is paid to the person who unleashed it.

Ransomware is among the fastest-growing types of cybercrime. In the nearly 2,500 cases reported to the Internet Crime Complaint Center in 2015, victims paid out more than $24 million.

A school district in South Carolina had its network held for ransom by hackers who blocked access to the district’s computer system. The hackers used high-level encryption to lock up the district’s data, then demanded that the district pay nearly $10,000 for the decryption key. District officials decided to pay the ransom after considering the amount of time it would take to restore access to the files on their own.

3. Phishing scams

These are typically fraudulent email messages appearing to come from a legitimate source, such as a bank, a service provider, or the recipient’s employer. The messages usually direct the recipient to a spoofed website or otherwise get him or her to divulge private information that can be used to commit identity theft or fraud.

A school district in Washington was victimized by a type of phishing scam the FBI calls “CEO fraud,” in which the attacker mimics an email message from an employee’s manager or executive. The FBI recently warned that CEO fraud is on the rise, with corporate losses exceeding $3 billion since October 2013. The agency said it has seen a 270 percent increase in these so-called CEO scams since January 2015.