Cybercrime in the education sector

As a result of the pandemic that the world has experienced over the last two years, the need to maintain school education has shifted the teaching model to online classes. This way of communicating has not only given schoolchildren access to the essential service of education, but has also raised the need to reformulate the systems in this area.
Having to come up with a new training model overnight and implementing online training "at full speed" have created a breeding ground for cybercriminals, who have not hesitated to take advantage of it. Poor security measures, easy access to virtual classes and social engineering applied to both students and teachers have been key factors in exploiting this sector.
This sector is one of the most affected by cyber threats, as demonstrated by the Cybersecurity Study in the university sector carried out by Deloitte, according to which 80% of the participating universities declared having suffered an incident in the last 12 months. Of these, 62% have suffered between 2 and 5 cyber-attacks and 10% received more than 10.
Despite the fact that 80% of the participating universities consider themselves to be exposed to a high information security risk, almost two thirds (63%) believe that the sector has a medium or low level of protection. Although 54% of institutions believe they are better prepared than average, only 27% believe they have a high level of protection.

According to data compiled by SonicWall, ransomware (malware that encrypts computer files) grew by a whopping 62% last year in educational institutions. In May 2019, the University of Corsica in France fell victim to Dharma ransomware, which crippled part of its servers, preventing infected computers from being able to function. The hackers offered to unlock systems in exchange for a ransom.
In Spain, the University of Cadiz (UCA) suffered a ransomware attack in May 2020. It relied on an email account that impersonated an indignant student body ("alumnadoindignadouca@topmail.com"), from which massive attacks were carried out on both the web portal and the virtual campus. Students were left unable to access services because communications were partially cut in an attempt to repair the situation.
But it was not the only one. The University of Castilla - La Mancha (UCLM) received another attack, also of the ransomware type, in April 2021. This one was aimed at the critical infrastructure of the institution and involved Ryuk, one of the most famous ransomware families of the moment. The attack disabled services such as the Virtual Campus, including Teams and the Office 365 email and collaboration platform, vital resources for both students and faculty.
Cybercriminals exploit vulnerabilities in these types of systems because of a simple principle: the larger the system, the more likely it is to be breached.
Many of the attacks use social engineering (such as email phishing) targeting students and faculty as well as other staff such as secretaries and administration. Once a user has fallen into this trap and opened the malicious link that usually accompanies these fraudulent emails, the ransomware can begin to spread throughout the organisation.
Personal data, phone numbers, donation history and financial systems are the main targets of this type of campaign. These data leaks can then be sold for financial gain if the organisation decides not to pay the ransom demanded. In some cases, the activity of the centres has been completely paralysed, taking several weeks to return to normal.
The different technological devices and software, as well as the hardware on which schools store information on all their staff and students, need quality protection. Most schools that provide computer equipment, whether tablets or computers, do not install minimum security measures such as VPN connections or anti-virus on their students' devices.
These should be protected both inside and outside the school, and those devices that may be transported to the student's home should have extra protection measures, as they are doubly exposed.
The use of insecure communication platforms (as was the case with Zoom, which had multiple vulnerabilities) has also been a deficiency that remains unaddressed in many schools today. Despite widely publicised reports of the platform's insecurity and the risks it can pose, many institutions continue to use it.
Use 2FA or two-factor authentication: Whenever possible, it is advisable to use two-step authentication, which prevents unauthorised access and adds an extra layer of protection.
Regularly make backup copies: Saving information is essential in the event of a ransomware attack, as it ensures that we have a backup of the information, preventing its loss.
Access only legitimate sites: Be wary of web pages or applications that you do not know or whose origin is uncertain. Official applications always have additional security measures.
Education in digital skills: Both students and teachers should receive sufficient training to identify risks in the digital world, such as phishing campaigns or hoaxes and fake news.
Due to the increased use of technology in all areas of our daily lives, especially in the wake of the pandemic around the world, risks have also increased at all levels because of our hyper-connectivity.
The education sector has also been affected by various attacks around the world. This means that it is a sector that must prepare for the future to meet these new challenges by bringing cybersecurity into the classroom.
While no sector is exempt from this type of incident, the education sector needs special protection due to the personal data it handles (much of it coming from minors) and the essential use it has for the population.
One of the first points of urgent action should be to increase the protection of digital assets and the solutions that make it possible to reduce existing risks as much as possible, as the trend is for education to rely on more and more technological resources.
Ainoa Guillén González, coordinator of the Cybersecurity area of Sec2Crime: https://www.sec2crime.com/ciberseguridad