Local school districts across the United States have emerged as a prime target for cybercriminals. In the fall of 2009, districts in Colorado, Illinois, Oklahoma and Pennsylvania all reported thefts of tens of thousands of dollars.
The threat continues: on January 5, 2010, the Duanesburg, New York Central School District disclosed an attempted theft of $3.8 million, about a quarter of the district’s operating budget.
These crimes have been driven by malicious software infecting central office PC’s containing the district’s electronic banking details. These details were subsequently used by cybercriminals to access the district’s online bank account and illegally transfer money out of the account to money-mules, who subsequently transfer the funds to the criminal ringleaders.
Comodo CEO Melih Abdulhayoglu points out the soft-target characteristics of school districts and similar organizations including local governments, not-for-profit-organizations, and small businesses that make them attractive to cybercriminals. Abdulhayoglu further points out the need for much stronger “Default Deny” PC endpoint security to be deployed by organizations that will always appear to be soft targets relative to larger organizations with the personnel and financial resources to mount stronger cyber-defenses.