Why Security Officers of Education Establishments Need to Beware


What is the first thought that comes to your mind when you hear that an American high school has suffered a streak of sophisticated DDoS attacks lasting 15 days and reached a total volume of over 0.5Tbps? (Yes, we are talking about 500Gbps.) 

As a security company, we rarely see an attack against one target reaching such immense volumes during such a short period of time and most certainly not a high school. And out of all potential targets, why would bad actors single out this particular high school? I was curious and wanted to get to the bottom of this incident. 

I had a theory in mind, I just needed to prove it. The first thing I did was search the web for the high school’s final exam schedule. To my surprise (or not so much), there was a perfect correlation between the final exam dates and the DDoS attacks. It is one thing to hear about an attack on the news, but quite another thing to have all the facts of the incident right in front of you. 

I finally concluded the motive behind the DDoS attacks: high school students between the ages of 15 to 18 targeted their own high school to avoid taking final exams.  

The Massive Attack 

The attacks started early in 2022 and lasted 15 days. The first attack occurred on Saturday and reached 35Gbps. It served as the first proof of concept to make sure the broader attack plan would work. A streak of attacks then followed. They started at the beginning of the following week, with daily attacks peaking around 100Gbps, and continued until the end of the week (see Figure 1). The same schedule of attacks took place the next week, reaching a total of 500Gbps. The tools used for the attacks included a number of sophisticated attack vectors, including UDP fragmentation attacks (see Figure 2). 

Figure 1: The first streak of attacks 

Figure 2: The attack vectors used in one of the attacks 

A New Era for the Education Industry 

We live in a new digital era where unimaginable events, like teenagers launching DDoS attacks against their own schools to skip out of final exams, are part of our reality. To protect ourselves and our institutions, we, as a society, need to evolve as well.  
According to Microsoft’s global threat activity, the education sector ranked first among industries most affected by enterprise malware encounters in late 2021 (see Figure 3).  
Education also remains the industry with one of the smallest cyber security budgets.  

Figure 3: Microsoft’s global threat activity chart for October 2021 

[You may also like: Cyber Attacks and Threats Amidst the Russian Invasion of Ukraine]

The coronavirus was definitely a catalyst for the digital transformation in the education sector. Digital transformation has enabled schools to manage through the pandemic and keep classes running on a completely remote basis. In the process, however, major security issues were created that were not taken into consideration beforehand. This has opened security loopholes that students and other bad actors have taken advantage of.  

How Does This Story End? 

What happened at this high school when it was under a massive attack? The answer is simple— nothing. Nothing happened to the high school’s network. In fact, the high school was simply unaware it was under attack. Service continued uninterrupted and all exams took place as usual. Only when the school was contacted by its network provider, which is protected by Radware, did it understand the full extent of the attack and its seriousness.  

The resolution to this attack scenario is the one every education establishment should aspire to — an incident that is automatically mitigated without disrupting teachers, students, processes, or the technology infrastructure. With the right DDoS mitigation solution in place, schools can handle the most advanced attack vectors, including burst and DNS attacks, IoT botnets, encrypted attacks, and more. 

Download the 2021 – 2022 Global Threat Analysis Report.

Asking the Right Questions 

Many people question how teenagers can get the resources to launch such an attack. Unfortunately, attack tools of this scale are easily accessible on the dark web and can be acquired in a matter of minutes. Students study the trends and learn about new and sophisticated attacks that can bring down several servers at a time and go undetected. We need to accept this reality and ask an even more important question: how do we keep our schools protected? 

The potential damage that the DDoS attacks could have caused this high school is unthinkable. The attacks could have brought down the majority of the school’s servers. However, unlike many other educational institutions, this particular high school was prepared, and the attack was completely mitigated. 

As for the educational lesson learned in this incident . . . Although I admire the passion, let’s try and raise a generation that will put its efforts into studying for tests instead of planning and timing DDoS attacks to avoid them. Let’s face it, getting straight A’s on those exams would have taken less work. 

Like this post? Subscribe now to get the latest Radware content in your inbox
weekly plus exclusive access to Radware’s Premium Content


  1. The increase in vulnerabilities throughout Latin America in the educational sector is worrying, I believe that we must increase the capacities in educational centers from the same users, students, and other members of the university classrooms.

  2. The low level of investment in technology and protection in schools in South American countries is a trigger to open the security gap, governments do not invest in this sector, there is a lack of awareness at the public sector level.
    Governments focus investment on other sectors, and information is unprotected.


Please enter your comment!
Please enter your name here