Schools are getting more sophisticated; there is no doubt about it. My kids recently had an "emergency study exercise" in grade-school where they needed to log in to the school system from home and participate in an online classroom, listen to a session and answer some questions. The idea was to see if the school was prepared for emergency situations, where the kids couldn’t attend school for some reason, but they could continue studying remotely. I thought that was pretty cool.
I also learned recently about a high school in our area where all the classroom activity is conducted online. The students have no books, no notebooks – only their laptop. Gone are the days where you needed to carry a backpack full of books that almost broke your back. Students definitely have it easier these days!
But all these advancements come at a cost. Educational Institutions now have to deal with managing a complicated online network though a typically under-resourced IT department. They don’t always have the experience and expertise to be able to fully protect their network from something like a cyber-attack.
The complexity and sophistication of cyberattacks continue to grow but the ease of which one can start a DDoS attack today is also growing. With the variety of tools and services that exist today, attackers can simply hire a service, at a very low cost, to "help me DDoS my school". Whether its students that are unhappy with their grades, want to avoid upcoming exams or just take their anger out on the education system, more and more schools and education institutions are targeted with DDoS and other cyber-attacks.
That’s one of the main trends Radware identified in its annual Ring of Fire analysis published in Radware’s 2015-2016 Global Application & Network Security Report. The Cyber-Attack Ring of Fire maps vertical markets based on the likelihood that organizations in these sectors will experience attacks. The Ring of Fire reflects five risk levels. As industries move closer to the red center, such organizations are more likely to experience DoS/DDoS and other cyber-attacks and experience such attacks at a higher frequency. We’ve been tracking industries in this way for the past 5 years and have seen almost all, move closer to the center of the ring over the years. In this past year alone, we’ve seen several verticals face consistent levels of threat, while both Education and Hosting moved from “Medium” to “High” risk.
In the previous year, we saw both Education and Health industries make their first appearance in the Ring of Fire. That was somewhat unexpected – who would think to attack a school or a hospital? But that’s exactly what happened. Starting with the publicized attack on the Boston Children’s Hospital in 2014 following a dispute over a treatment of a child, we’ve since seen a number of health institutions become a target of cyber-attacks. With Education, the story is even more extreme – this past year we’ve seen a big increase in attacks on this industry. For the various reasons mentioned above, cyber-attacks on school and other educational websites increased this past year, most commonly hitting the mail server and targeting sites and services for submitting work and managing the admission process. All are “business” critical to any school—with downtime leading to day-to-day chaos and potential damage to an institution’s reputation.
Government services and gaming companies are also at a high risk and maybe more likely, almost "expected” targets of cyber-attacks these days. The increase in hacktivism and the adoption of cyber-attacks by terror organizations, have led to continued attacks on governments around the world. In November 2015, several Thai government websites were hit by DDoS attacks, making them inaccessible for several hours. More recently, Turkish government sites were inaccessible in an ongoing attack on DNS services. Anonymous claimed responsibility for this 40 Gbps DDoS attack.
Hacktivist groups have also put a focus on gaming companies with repeated attacks and very organized campaigns against leading, worldwide companies. Part of the appeal of targeting gaming services is that mandatory constant connectivity and availability of a centralized gaming platform creates a single point of failure. That makes for “efficient” attacks— with attackers able to cause more damage using fewer resources.
And of course, Hosting companies – where even the large hosting companies have experienced significant attacks this past year. Here we see attacks that are targeting website owners and through that, impacting the hosting company itself, as well as attacks targeting the hosting company directly. We’ve also seen the increase in ransom-based attacks with this industry – where ISPs and their customers are threatened with a DDoS attack unless a ransom is paid. Such was the case with ProtonMail – a Swedish encrypted email service provider – who was attacked with a ransom-based attack in November 2015. That attack initially took down both ProtonMail’s service as well as its ISP’s network.
As we look back at this year’s Ring of Fire and think about next year’s – the story really comes down to "no one is immune". With the varied motivations of attackers, the sophistication of attacks and the ease of which they can launch these campaigns, no organization can safely say it won’t be attacked. It’s no longer a question of if and when, but really a question of how an organization will be attacked. So you should ask yourself – are you prepared?