main

HacksSecurity

2018 In Review: Schools Under Attack

December 19, 2018 — by Daniel Smith0

education-under-attack-960x561.jpg

As adoption of education technologies expanded in 2018, school networks were increasingly targeted by ransomware, data theft and denial of service attacks; the FBI even issued an alert warning this September as schools reconvened after summer break.

Every school year, new students join schools’ networks, increasing its risk of exposure. Combined with the growing complexity of connected devices on a school’s network and the use of open-source learning management systems (like Blackboard and Moodle), points of failure multiply. While technology can be a wonderful learning aid and time saver for the education sector, an insecure, compromised network will create delays and incur costs that can negate the benefits of new digital services.

The Vulnerabilities

Some of the biggest adversaries facing school networks are students and the devices they bring onto campus. For example, students attending college typically bring a number of internet-connected devices with them, including personal computers, tablets, cell phones and gaming consoles, all of which connect to their school’s network and present a large range of potential vulnerabilities. What’s more, the activities that some students engage in, such as online gaming and posting and/or trolling on forums, can create additional cybersecurity risks.

In an education environment, attacks–which tend to spike at the beginning of every school year–range from flooding the network to stealing personal data, the effects of which can be long-lasting. Per the aforementioned FBI alert, cyber actors exploited school IT systems by hacking into multiple school district servers across the United States in late 2017, where they “accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information.” Students have also been known to DoS networks to game their school’s registration system or attack web portals used to submit assignments in an attempt to buy more time.

[You may also like: So easy, a child can do it: 15% of Americans think a grade-schooler can hack a school]

Plus, there are countless IoT devices on any given school network just waiting for a curious student to poke. This year we saw the arrest and trial of Paras Jha, former Rutgers student and co-author of the IoT botnet Mirai, who did just that. Jha pleaded guilty to not only creating the malware, but also to click fraud and targeting Rutgers University with the handle ExFocus. This account harassed the school on multiple occasions and caused long and wide-spread outages via DDoS attacks from his botnet.

What’s more, some higher education networks are prime targets of nation states who are looking to exfiltrate personal identifiable data, research material or other crucial or intellectual property found on a college network.

Why Schools?

As it turns out, school networks are more vulnerable than most other types of organizations. On top of an increased surface attack area, schools are often faced with budgetary restraints preventing them from making necessary security upgrades.

[You may also like: School Networks Getting Hacked – Is it the Students’ Fault?]

Schools’ cybersecurity budgets are 50 percent lower than those in financial or government organizations, and 70 percent lower than in telecom and retail. Of course, that may be because schools estimate the cost of an attack at only $200,000–a fraction of the $500,000 expected by financial firms, $800,000 by retailers, and the $1 million price tag foreseen by health care, government, and tech organizations. But the relatively low estimated cost of an attack doesn’t mean attacks on school networks are any less disruptive. Nearly one-third (31 percent) of attacks against schools are from angry users, a percentage far higher than in other industries. Some 57 percent of schools are hit with malware, the same percentage are victims of social engineering, and 46 percent have experienced ransom attacks.

And yet, 44 percent of schools don’t have an emergency response plan. Hopefully 2019 will be the year schools change that.

Read “Radware’s 2018 Web Application Security Report” to learn more.

Download Now

Attack Types & VectorsSecurity

So easy, a child can do it: 15% of Americans think a grade-schooler can hack a school

September 6, 2017 — by Radware0

students-hacking-schools-960x643.jpg

Yes, you read that right. When asked how easy they thought it would be for a student in grades 1-6 to hack a school, 15 percent of respondents said it was either somewhat easy (6 percent) or very easy (9 percent). The numbers rise with age. Some 57 percent think a high school student could easily hack a school, and 63 percent think an undergraduate would have no problem. These responses were part of a survey of 1,000 Americans conducted by SurveyMonkey on behalf of Radware.

DDoSHacksSecurity

Is Your Child Hacking Their School?

October 7, 2016 — by Radware0

Radware_Kid_Hacking_Comic_Strip-2-960x425.png

You might be surprised at who is behind the most recent cases of cyber-attacks on schools. Would you guess that in many cases, it’s the students themselves? Whether because they want to change their grades or attendance, because they feel it’s fun or they want to test the limits of how much they can get away with, it’s becoming a larger problem across the globe. Part of the issue is the ease in which kids can now access the Darknet, and the increasingly low costs to hire someone to hack the system for them.

DDoSHacksSecurity

Public Education Around Cyber Security

September 28, 2016 — by Paul Coates2

education-cyber-security-960x644.jpg

Australia’s Prime Minister Malcolm Turnbull recently raised the issue of cyber security education during a Washington D.C. speech. The intention behind such a sentiment is a good one. Teaching cyber security to the public, and making it a part of the education curriculum is essentially a public safety lesson akin to ‘Don’t Do Drugs,’ ‘Don’t Talk To Strangers’, and ‘Be Alert And Aware Of Your Surroundings.’

However, as a society we are at a crossroads where our children have vastly more knowledge of the cyber landscape than adults. Teachers still struggle with computer basics while students are hacking the schools’ computer systems to change their grades, create DDoS attacks on the day of critical testing, and worse.

DDoSHacksSecurity

5 Reasons Why Kids Are Hacking Schools

August 17, 2016 — by Radware13

why-kids-hack-schools-3-960x687.png

Summertime is almost over, and back-to-school season is upon us. Beginning now, students all across the globe are beginning to register for their classes, purchase their school supplies, and start working on assignments for the upcoming year. But among these students, there are some who will get up to no good – hacking into the school systems to alter records, to disrupt the school’s normal operations, and to see just how much damage they can do. Let’s take a closer look at some of the reasons why kids are hacking their schools:

DDoSHacksSecurity

School Networks Getting Hacked – Is it the Students’ Fault?

June 23, 2016 — by Daniel Smith1

school-education-hacks-3-960x656.png

School networks are increasingly becoming victims of cyber-attacks. They are presented with unique threats and challenges that most organizations do not have to deal with. Every year schools see thousands of new students that bring with them an arsenal of potentially vulnerable devices. To add to this growing complexity, most college campuses have migrated to digital platforms like Blackboard and Moodle. These online web portals are prime targets for denial of service attacks.

DDoSSecurity

Is Your Organization In the Ring of Fire?

March 17, 2016 — by Shira Sagiv0

ring-of-fire-2-960x498.jpg

Schools are getting more sophisticated; there is no doubt about it. My kids recently had an "emergency study exercise" in grade-school where they needed to log in to the school system from home and participate in an online classroom, listen to a session and answer some questions.  The idea was to see if the school was prepared for emergency situations, where the kids couldn’t attend school for some reason, but they could continue studying remotely.  I thought that was pretty cool. 

I also learned recently about a high school in our area where all the classroom activity is conducted online.  The students have no books, no notebooks – only their laptop.