Threat actors target K-12 distance learning education, CISA and FBI warn

The US Cybersecurity Infrastructure and Security Agency and the FBI warned about the increase in ransomware attacks targeting the US K-12 educational sector.

The US CISA and the FBI warned about the increase in ransomware attacks targeting the US K-12 educational sector aimed at data theft and disruption of distance learning services.

The number of attacks surged at the beginning of the 2020 school year.

“The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year.” “reads the alert issued by CISA. “These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.”

The US agencies are receiving reports from K-12 educational institutions that suffered cyber attacks causing the disruption of distance learning activities.

According to the report, threat actors consider schools an easy and profitable target, for this reason, authorities believe that the attacks will continue through the 2020/2021 academic year.

The most aggressive cyber attacks targeting the K-12 sector (kindergarten through twelfth-grade schools) are the ransomware attacks.

“According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year,” continues the joint alert.

“In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July.”

The five most common ransomware families involved in attacks targeting K-12 schools between January and September 2020 are Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil.

CISA and the FBI also warn of commodity malware that was employed in opportunistic attacks aimed at US K-12 organizations.

The most common malware infections on K-12 networks are the ZeuS (or Zloader) trojan (Windows) and Shlayer loader (macOS) have topped the infection charts.

The US agencies also warned K-12 schools to implement security measures to mitigate disrupting cyber-attacks such as the distributed denial of service (DDoS) attacks, including attacks on live video conference (aks Zoom bombing).

“Numerous reports received by the FBI, CISA, and MS-ISAC since March 2020 indicate uninvited users have disrupted live video-conferenced classroom sessions.” states the alert.

“These disruptions have included verbally harassing students and teachers, displaying pornography and/or violent images, and doxing meeting attendees.”

The alert also includes a list of countermeasures that schools should implement to prevent the above attacks

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]