6 Cyber Threats for the New School Year

Cybercrime constantly evolves. If staying one step ahead of hackers is stretching your resources thin, you’re not alone. The Fund is here to support you. Here are six cyber threats you need to protect against this school year.

1. Back-to-school ransomware

Hackers prefer to hit early in the morning, or late in the afternoon – especially Monday morning and Friday around quitting time. They hope employees will be focused on work opening/closing tasks, not quite awake, or otherwise distracted enough to mistakenly click a bad link or open a malicious file.

This holds true in early fall, as employees attend to the details of a new school year. In fact, eight districts across the country have been successfully impacted by ransomware attacks since August 1. The most recent attack on crippled the second largest school district in the U.S., the Los Angeles Unified School District. The attack was high-profile and severe enough that the White House got involved.  

The FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC) also took note of this trend and issued a threat advisory. In it, they warned that they anticipate ransomware attacks against the K12 education sector to increase over the coming year. Districts were encouraged to prepare for the worst and follow these recommendations for preemptive mitigation.

What can you do?

1. Establish and maintain strong relationships with your FBI field office and regional CISA cybersecurity advisor
2. Maintain offline data backups
3. Ensure all backups are encrypted
4. Review vendor security
5. Monitor external remote connections
6. Develop and implement a recovery plan

2. Cryptojacking

Cryptojacking occurs when hackers infect your system with malicious software, or malware, that mines digital currencies (cryptocurrencies) like Bitcoin and Ethereum. It takes a huge amount of processing and memory bandwidth to create these currencies, so hackers try to use your network resources to do the work for them.

Cryptojacking seemed to be in decline from 2017-2019. However, it is back in a big way. Due to the increase in cryptocurrency values, we have seen a continuous rise in this activity since the beginning of 2020. Over the past year, new cryptojacking malware variants increased by over four times, and this activity accounted for 41 percent of all malware detected.

Cryptojacking is a serious network security issue for two main reasons:

1. According to global cybersecurity company Kaspersky, cryptojacking can slow your entire system (servers, mobile devices, Internet of Things devices) by up to 70 percent. This significant decrease in performance does more than drain productivity. In some cases, infected mobile devices have overheated and caught on fire.
2. The malicious software that mines cryptocurrency also communicates outside your network back to the hackers in charge. The result is a gaping hole in your network. Hackers can exploit the  opening by installing other malicious software. They could also order the existing malware to steal sensitive information or execute other commands.  

What can you do?

Kaspersky experts recommend these best practices for protecting your system against cryptojacking:

• Keep an eye out for unexpected system slowdowns. If Web browsing or email slows significantly, your system might be infected.
• Take note of mobile devices and laptops heating up and remaining hot.
• Have your IT team scan your network logs. They might notice suspicious outbound communication related to cryptojacking.
• As always, educate your team on safe browsing and email use, and keep firewalls and anti-virus systems up to date. Defenses against any newly discovered cryptojacking malware signatures are included with routine security patches and updates.

Watch our on-demand webinar for a deep dive into cryptojacking and other malware targeting schools.

3. Grade hacking

Grade hacking is the act of modifying official grades using digital methods. We have seen isolated instances of students changing grades by accessing staff computer terminals that had administrative privileges or grading system access. However, it appears grade hacking is becoming a systematic and ongoing threat.

Kaspersky discovered an internet marketplace full of services offering “grade hacking for hire,” as well as a list of bugs in the most commonly used school information systems.

What can you do?

Here are some recommended prevention techniques from Kaspersky:

• Introduce multiple forms of user authentication for information systems, especially for Web-based systems that might provide access to student records, grades, and assessments. Set strong and appropriate access controls so it’s not easy for a hacker to move through the system.
• Provide security awareness training for staff, explaining how to implement and use passwords.
• Encourage everyone to keep their login credentials confidential.
• Enforce a policy that requires network users to create strong passwords and frequently change them.
• Maintain separate and secure wireless networks—one for staff, one for students, and another for visitors if you need it.
• Use a reliable security solution for comprehensive protection.

4. Third-party vendor issues

Vendors are often a great help to districts with limited information technology (IT) resources. They can assist with infrastructure upgrades, deployment of new software platforms, and even student data management. Vendors can also put your network at risk.

For the past two years, vendor security issues have caused at least 75 percent of data breach incidents affecting U.S. public K-12 school districts. Make sure vendors follow appropriate security procedures to protect your sensitive data.

What can you do?

Here are some tips to help you securely manage your third-party vendor relationships:

• Use a reputable vendor with positive reviews and a lengthy history of working with school districts.
• Ensure the vendor is aware of state and federal regulatory standards that may apply to sensitive information the district maintains. Those standards include the Health Insurance Portability and Accountability Act and the Family Educational Rights and Privacy Act.
• Inform the vendor of your local acceptable use policy and the types of sensitive student and staff information stored in your systems.
• Use resources such as Privacy Rights Clearinghouse, Krebs on Security, and DataBreaches.net to see if the vendor has experienced a data breach in the past with other customers.

5. Unpatched servers

In early July 2021, Microsoft discovered a vulnerability in the print spooler service on the Windows operating system. The print spooler is an executable file that manages the process every time you send a document for printing.

This vulnerability, known as “Print Nightmare,” allowed malicious actors to install programs, modify data, and create new accounts with full administrative rights.

By July 6, Microsoft had rolled out security patches for all Windows Server versions, Windows 10, and surprisingly, even the discontinued Windows 7. This vulnerability was widely publicized, meaning that hackers worldwide knew about it as soon as your IT team did.

Organizations that don’t run updates and patches remain wide open to malware and other malicious attacks.

What can you do?

• Speak with your IT team regularly regarding your patching and updating protocols.
• Ensure that routine backups are run and that the backup system is functioning properly.
• Confirm with your IT team that the Microsoft Windows file-sharing protocol, known as Server Message Block 1, is patched or upgraded to versions 2 or 3 on your system.

6. Business email compromise/fraudulent instruction

Business email compromise happens when highly sophisticated emails are crafted to appear to come from legitimate companies or third-party vendors affiliated with a school district. These emails may request sensitive information such as tax forms or Social Security numbers.

Fraudulent instruction is the transfer of funds by an employee to a third party as a result of deceptive information provided by a criminal claiming to be someone else, typically a vendor, client, or authorized employee.

These attacks are usually preceded by significant observation and research that allow cybercriminals to pretend to be legitimate business partners.

In some cases, hackers even infiltrate a company and send a “legitimate” email from within a partner organization. We have seen a significant increase in these attacks directed at the education sector.

In July 2020, a fraudulent instruction attack cost Wayne County School District in Mississippi $9.8 million, and millions of dollars were similarly stolen from Texas districts.

Download this cheat sheet to help your finance professionals fight cybercrime.

What can you do?

• Begin using a system of checks and balances so no single employee has the authority to change third-party financial information such as routing and account numbers without secondary authorization.
• Train your staff on common social engineering tactics such as spoofing, phishing, and spamming.
• Implement a policy that requires confirmation by a different method when vendors, contractors, or other external partners request a change in financial information. For example, if a contractor requests a routing number change in an email, make a phone call to an established point of contact to confirm the request is legitimate.
• Encourage staff, especially accounting staff, to think twice, then three times before complying with potentially suspicious financial requests.

Editor's note: This article was originally published in August 2019. It has since been updated for accuracy and comprehensiveness.