{"id":15800,"date":"2019-07-17T07:10:02","date_gmt":"2019-07-17T15:10:02","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/07\/17\/news-9547\/"},"modified":"2019-07-17T07:10:02","modified_gmt":"2019-07-17T15:10:02","slug":"news-9547","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/07\/17\/news-9547\/","title":{"rendered":"Compromising vital infrastructure: problems in education security continue"},"content":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Wed, 17 Jul 2019 14:17:22 +0000<\/strong><\/p>\n<p>The educational system and many of its elements are targets for cybercriminals on a regular basis. While education is a fundamental human right recognized by the United Nations, the financial means of many schools and other entities in the global educational system are often limited. <\/p>\n<p>These limited budgets often result in weak or less-than-adequate protection against cyberthreats. Unfortunately, organizations in this industry are forced to economize and cut the costs of security.<\/p>\n<h3>Record keepers<\/h3>\n<p>Schools by nature have a lot of personal data on record\u2014not only about their students, but in most cases, they also have records of the parents, legal guardians, and other caretakers of the children they educate. And the nature of the data\u2014grades, health information, and social security numbers, for example\u2014makes them extremely valuable for <a rel=\"noreferrer noopener\" aria-label=\"phishing (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/06\/somethings-phishy-how-to-detect-phishing-attempts\/\" target=\"_blank\">phishing<\/a> and other <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/social-engineering-cybercrime\/2018\/08\/social-engineering-attacks-what-makes-you-susceptible\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"social engineering attacks (opens in a new tab)\">social engineering attacks<\/a>. 
<\/p>\n<p>Ransomware can also have a devastating effect on educational institutions, as some of the information, like grades for example, may not be recorded anywhere else. If they are destroyed or held for ransom without the availability of backups, the results can be disastrous.<\/p>\n<h3>Special circumstances<\/h3>\n<p>Organizations in the <a href=\"https:\/\/www.malwarebytes.com\/education\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">education<\/a> industry have some special circumstances to deal with when trying to protect their data and networks:<\/p>\n<ul>\n<li>Many schools use special software that allows their students to log in both on premise and remotely so they can view their grades and homework assignments. These applications occasionally get <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/students-hack-school-system-to-change-grades-and-attendance\/\" target=\"_blank\">hacked<\/a> by students.<\/li>\n<li>Growing networks enlarge the attack surface. 
Modern education requires children of young ages to learn computer skills, so many students are connected to the institution\u2019s network at once.<\/li>\n<li>If a tech-savvy student wants a day off, claims that he couldn\u2019t access his homework assignments, or simply wants to brag, what\u2019s to stop him from organizing or paying for a <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/technology\/2018\/03\/ddos-attacks-are-growing-what-can-businesses-do\/\" target=\"_blank\">DDoS attack?<\/a> Kids will be kids.<\/li>\n<li>Schools often also harbor a mix of <a rel=\"noreferrer noopener\" aria-label=\"IoT (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/12\/internet-things-iot-security-never\/\" target=\"_blank\">IoT<\/a> and <a rel=\"noreferrer noopener\" aria-label=\"BYOD (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/business\/2017\/10\/byod-why-dont-you\/\" target=\"_blank\">BYOD<\/a> devices, which each come with their own potential problems. Some schools have noticed a spike in malware detections after holiday breaks, when infected devices get introduced back into the school environment.<\/li>\n<\/ul>\n<p>The sensitive nature of the data and having an open platform for students at the same time creates a difficult situation for many educational institutions. 
After all, it is easy to kick in a door that is already half open\u2014especially if there is a wealth of <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/04\/what-is-personal-information-in-legal-terms-it-depends\/\" target=\"_blank\">personally identifiable information (PII)<\/a> behind it.<\/p>\n<h3>The current situation<\/h3>\n<p>An <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/securityscorecard.com\/resources\/2018-education-report\" target=\"_blank\">analysis<\/a> in December 2018 by SecurityScorecard ranked education as the worst in cybersecurity of 17 major industries. According to the study, the main areas of cybersecurity weaknesses in education are application security, endpoint security, patching cadence, and network security.<\/p>\n<p>In our <a href=\"https:\/\/resources.malwarebytes.com\/files\/2019\/01\/Malwarebytes-Labs-2019-State-of-Malware-Report-2.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">2019 State of Malware report<\/a>, we found education to be consistently in the top 10 industries targeted by cybercriminals. 
Looking only at Trojans and more sophisticated ransomware attacks, schools were even higher on the list, ranking as number one and number two, respectively.<\/p>\n<p>So, it shouldn\u2019t come as a surprise that according to a 2016 study entitled: <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/info.bitsighttech.com\/bitsight-insights-ransomware\" target=\"_blank\">The Rising Face of Cyber Crime: Ransomware<\/a>, 13 percent of education organizations fall victim to ransomware attacks.<\/p>\n<h3>Malware strikes hard <\/h3>\n<p>Like many other organizations, educational institutions are under attack by the most active malware families, such as <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/03\/emotet-revisited-this-pervasive-persistent-threat-is-still-a-danger-to-businesses\/\" target=\"_blank\">Emotet<\/a>, <a rel=\"noreferrer noopener\" aria-label=\"TrickBot (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/11\/trickbot-takes-top-business-threat\/\" target=\"_blank\">TrickBot<\/a>, and <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/detections\/ransom-ryuk\/\" target=\"_blank\">Ryuk<\/a>, which wreaked havoc on organizations for the better part of the 2018\u20132019 school year.<\/p>\n<p>Last May, the <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.news5cleveland.com\/news\/local-news\/akron-canton-news\/coventry-local-school-district-closed-monday-due-to-trickbot-virus-infecting-school-computers\" target=\"_blank\">Coventry school district<\/a> in Ohio had to send home its 2,000 students and close its doors for the duration of one day. 
The cause was probably a <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/detections\/trojan-trickbot\/\" target=\"_blank\">TrickBot<\/a> infection, but the FBI is still busy with an ongoing investigation.<\/p>\n<p>In February 2019, the Sylvan Union School District in California discovered a malware attack that made staff and teachers lose their connection to cloud-based data, networks, and educational platforms. <a rel=\"noreferrer noopener\" href=\"https:\/\/www.modbee.com\/news\/local\/education\/article230013399.html\" target=\"_blank\">Reportedly<\/a>, they had to spend US$475,700 to clean up their networks.<\/p>\n<p>On May 13, 2019, attackers infected the computer network of <a href=\"https:\/\/www.databreaches.net\/okcps-confirms-ransomware-cyber-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Oklahoma City Public Schools<\/a> with ransomware, forcing the school district to shut down its network.<\/p>\n<p>But it\u2019s not just malware that educational institutions need to worry about. Scott County Schools in Kentucky paid US$3.7 million out to a <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.knowbe4.com\/scott-county-schools-victim-of-3.7-million-ceo-fraud-scam\" target=\"_blank\">phishing scam<\/a> that posed as one of their vendors.<\/p>\n<p>Unfortunately, that&#8217;s money many school districts, especially those in <a rel=\"noreferrer noopener\" aria-label=\"impoverished communities (opens in a new tab)\" href=\"http:\/\/www.ascd.org\/publications\/educational-leadership\/may02\/vol59\/num08\/Unequal-School-Funding-in-the-United-States.aspx\" target=\"_blank\">impoverished communities<\/a>, cannot afford to pay out. 
So what can they do to get ahead of malware attacks before valuable data and funding fly out the bus window?<\/p>\n<hr class=\"wp-block-separator\"\/>    <em>Recommended reading: <a href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/02\/k-12-schools-need-shore-cybersecurity\/\" target=\"_blank\" rel=\"noopener noreferrer\">What K\u201312 schools need to shore up cybersecurity<\/a><\/em>    <\/p>\n<hr class=\"wp-block-separator\"\/>\n<h3>Countermeasures<\/h3>\n<p>Given the complex situation and sensitive data most educational organizations have to deal with, there are a host of measures that should be taken to lower the risk of a costly incident. Recognizing that many schools must divert public funding to core curriculum, our recommendations represent a baseline level of protection districts should strive toward with limited resources.<\/p>\n<ul>\n<li>Separate educational and organizational networks, with grades and curriculum in one place, and personal data in another. With this infrastructure, it will be harder for cybercriminals to access personal data by using leaked or breached student and teacher accounts.<\/li>\n<li>DDoS protection. DDoS attacks are so cheap ($10\/hour) nowadays that anyone with a grudge can have an unprotected server taken down for a few days without spending a fortune. The possible scope of DDoS attacks has increased significantly now that attackers have started using Memcached-enabled servers. To put a stop to outrageously large DDoS attacks, those servers should not be Internet-facing. <\/li>\n<li>Educate staff and students about the dangers they are facing and the possible consequences of not paying enough attention. 
Teachers can absorb cybersecurity education into reading comprehension lessons, and staff could benefit from awareness training during professional development days.<\/li>\n<li>Lay out clear and concise regulations for the use of devices that belong to the organization and the way private devices are allowed to be used on the grounds.<\/li>\n<li>Backups should be up-to-date and easy to deploy. Ransomware demands are high and even when you pay them, there is always the chance the decryption may fail\u2014or never existed in the first place.<\/li>\n<li> Investing in <a href=\"http:\/\/www.malwarebytes.com\/business\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"layered protection (opens in a new tab)\">layered protection<\/a> may seem costly, but compared to falling victim to malware or fraud, the investment is worth it. <\/li>\n<\/ul>\n<p>In fact, all of these measures will cost money and we realize that will need to come out of a tight budget. But funding, or the lack thereof, cannot be an excuse for weak security. Cybercrime is one of the biggest chunks of the modern economy. And guess who\u2019s paying for most of that? Those who didn\u2019t invest enough in security. <\/p>\n<p>What a strange paradox that one of the best weapons against cybercrime is education, but that organizations in education have the biggest problems with security. 
We at Malwarebytes, with the help of educational leaders, aim to change that.<\/p>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/vital-infrastructure\/2019\/07\/vital-infrastructure-education\/\">Compromising vital infrastructure: problems in education security continue<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/vital-infrastructure\/2019\/07\/vital-infrastructure-education\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Wed, 17 Jul 2019 14:17:22 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/vital-infrastructure\/2019\/07\/vital-infrastructure-education\/' title='Compromising vital infrastructure: problems in education security continue'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/school_playground.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>While educational organizations lack funding they are high on the target lists of cybercriminals. 
Does one fact lead to another?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/vital-infrastructure\/\" rel=\"category tag\">Vital infrastructure<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/education\/\" rel=\"tag\">education<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/funding\/\" rel=\"tag\">funding<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/malware\/\" rel=\"tag\">malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vital-infrastructure\/\" rel=\"tag\">vital infrastructure<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/vital-infrastructure\/2019\/07\/vital-infrastructure-education\/' title='Compromising vital infrastructure: problems in education security continue'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/vital-infrastructure\/2019\/07\/vital-infrastructure-education\/\">Compromising vital infrastructure: problems in education security continue<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[253,7559,3764,21437],"class_list":["post-15800","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-education","tag-funding","tag-malware","tag-vital-infrastructure"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15800"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15800\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}