What is the first thought that comes to your mind when you hear that an American high school has suffered a streak of sophisticated DDoS attacks lasting 15 days and reaching a combined attack rate of over 0.5Tbps? (Yes, we are talking about 500Gbps.)
As a security company, we rarely see attacks against a single target reach such immense volumes in such a short period of time, and most certainly not against a high school. And of all potential targets, why would bad actors single out this particular high school? I was curious and wanted to get to the bottom of this incident.
I had a theory in mind; I just needed to prove it. The first thing I did was search the web for the high school’s final exam schedule. To my surprise (or not so much), there was a perfect correlation between the final exam dates and the DDoS attacks. It is one thing to hear about an attack on the news, but quite another to have all the facts of the incident right in front of you.
I finally concluded what the motive behind the DDoS attacks was: high school students between the ages of 15 and 18 had targeted their own high school to avoid taking final exams.
The Massive Attack
The attacks started early in 2022 and lasted 15 days. The first attack occurred on a Saturday and reached 35Gbps. It served as a proof of concept to make sure the broader attack plan would work. A streak of attacks then followed, starting at the beginning of the following week, with daily attacks peaking around 100Gbps, and continuing until the end of the week (see Figure 1). The same schedule repeated the next week, reaching a total of 500Gbps. The tools used for the attacks combined a number of sophisticated attack vectors, including UDP fragmentation attacks (see Figure 2).
Figure 1: The first streak of attacks
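One way to see why a UDP fragmentation flood is awkward to filter is to write the detection logic for it. The block below is an added example for this article, not Radware’s mitigation code and not data from the school’s network: the packet records, the RFC 5737 addresses, the window size and the pps/Mbps thresholds are all constructed for illustration. The practical point it demonstrates is that only the first fragment of each datagram carries a UDP header, so a detector (or an ACL) keyed on destination port misses the bulk of the flood; the classification below uses the IP protocol field instead.

```python
"""Flag a UDP fragmentation flood in constructed packet records.

Added example for this article; not Radware's mitigation logic. The traffic
built in build_sample() is constructed, not captured from the school's network.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

UDP = 17  # IP protocol number for UDP


@dataclass(frozen=True)
class Packet:
    ts: float                # capture time, seconds (assumed field layout)
    src: str
    dst: str
    proto: int               # IP protocol number
    frag_offset: int         # IP fragment offset, in 8-byte units
    more_frags: bool         # IP "more fragments" (MF) flag
    length: int              # total IP length, bytes
    dst_port: Optional[int]  # None on non-initial fragments: no UDP header there


def is_fragment(p: Packet) -> bool:
    """A packet is part of a fragmented datagram if MF is set or its offset is non-zero."""
    return p.frag_offset > 0 or p.more_frags


def udp_fragment_windows(packets, window_s=1.0):
    """Bucket fragmented UDP traffic per destination per time window.

    Returns {dst: {window_index: (packet_count, byte_count)}}.
    Classification is on the IP protocol field, because non-initial fragments
    carry no UDP header and matching on dst_port would miss most of a flood.
    """
    buckets = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for p in packets:
        if p.proto != UDP or not is_fragment(p):
            continue
        b = buckets[p.dst][int(p.ts // window_s)]
        b[0] += 1
        b[1] += p.length
    return {dst: {w: (c, n) for w, (c, n) in ws.items()} for dst, ws in buckets.items()}


def detect_fragment_flood(packets, window_s=1.0, pps_threshold=1000, mbps_threshold=10.0):
    """Return [(dst, window_start_s, pps, mbps)] for every window over either threshold.

    Thresholds are illustrative; a real deployment derives them from a baseline.
    """
    alerts = []
    for dst, windows in udp_fragment_windows(packets, window_s).items():
        for w, (count, nbytes) in sorted(windows.items()):
            pps = count / window_s
            mbps = nbytes * 8 / window_s / 1e6
            if pps >= pps_threshold or mbps >= mbps_threshold:
                alerts.append((dst, w * window_s, pps, mbps))
    return alerts


def build_sample():
    """Constructed traffic: a spoofed UDP fragment flood toward one server and a
    single legitimate fragmented DNS response toward another."""
    pkts = []
    # Flood: 2000 fragments within one second, from 200 spoofed sources. Even
    # packets are first fragments (they carry a UDP header); odd packets are the
    # second fragment of the same datagram and carry none.
    for i in range(2000):
        first = i % 2 == 0
        pkts.append(Packet(
            ts=100.0 + i / 2000,
            src=f"203.0.113.{i % 200 + 1}",
            dst="198.51.100.10",
            proto=UDP,
            frag_offset=0 if first else 185,  # 1480 bytes / 8
            more_frags=first,
            length=1500 if first else 1480,
            dst_port=53 if first else None,
        ))
    # Legitimate: one large DNS response split into two fragments.
    pkts.append(Packet(100.3, "192.0.2.53", "198.51.100.20", UDP, 0, True, 1500, 53))
    pkts.append(Packet(100.3, "192.0.2.53", "198.51.100.20", UDP, 185, False, 1440, None))
    return pkts


if __name__ == "__main__":
    for dst, start, pps, mbps in detect_fragment_flood(build_sample()):
        print(f"{dst}: {pps:.0f} pps, {mbps:.1f} Mbps of UDP fragments from t={start:.0f}s")
```

Run as a script it reports only the flooded server; the legitimate fragmented DNS reply stays under threshold. The same port-less classification is why upstream mitigation, as in this incident, is the practical answer: by the time non-initial fragments reach a school’s edge there is no port to match on, only volume per destination.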
A New Era for the Education Industry
We live in a new digital era where unimaginable events, like teenagers launching DDoS attacks against their own schools to skip final exams, are part of our reality. To protect ourselves and our institutions, we, as a society, need to evolve as well.
According to Microsoft’s global threat activity, the education sector ranked first among industries most affected by enterprise malware encounters in late 2021 (see Figure 3).
Education also remains one of the industries with the smallest cybersecurity budgets.
The COVID-19 pandemic was a catalyst for digital transformation in the education sector. That transformation enabled schools to manage through the pandemic and keep classes running on a completely remote basis. In the process, however, major security issues were introduced that had not been considered beforehand, opening loopholes that students and other bad actors have taken advantage of.
How Does This Story End?
What happened at this high school while it was under a massive attack? The answer is simple: nothing. Nothing happened to the high school’s network. In fact, the school was not even aware it was under attack. Service continued uninterrupted and all exams took place as scheduled. Only when the school was contacted by its network provider, which is protected by Radware, did it understand the full extent and seriousness of the attack.
The resolution of this attack scenario is the one every educational institution should aspire to: an incident that is mitigated automatically, without disrupting teachers, students, processes, or the technology infrastructure. With the right DDoS mitigation solution in place, schools can handle the most advanced attack vectors, including burst and DNS attacks, IoT botnets, encrypted attacks, and more.
Asking the Right Questions
Many people ask how teenagers can get the resources to launch such an attack. Unfortunately, attack capacity of this scale is easily accessible on the dark web, typically as a DDoS-for-hire service, and can be acquired in a matter of minutes. Students follow the trends and learn about new and sophisticated attacks that can bring down several servers at a time and go undetected. We need to accept this reality and ask an even more important question: how do we keep our schools protected?
The potential damage the DDoS attacks could have caused this high school is hard to overstate: they could have brought down the majority of the school’s servers. Unlike many other educational institutions, however, this particular high school was prepared, and the attack was completely mitigated.
As for the educational lesson of this incident... Although I admire the passion, let’s try to raise a generation that puts its efforts into studying for tests instead of planning and timing DDoS attacks to avoid them. Let’s face it, getting straight A’s on those exams would have taken less work.