Cybersecurity crisis in schools

Primary school systems handle sensitive data concerning minors, while higher education institutions must safeguard intellectual property data, making them prime targets for cyberattacks, according to Trustwave.


These attacks not only threaten the safety and security of teachers and administrators but also put the privacy of students, staff, and other associated entities at risk.

With millions of students now learning through technology in hybrid, remote, or in-class settings, device security is no longer optional. It’s crucial to ensure a safe and secure learning environment for everyone. Strong cybersecurity measures protect student data and enable teachers to do their jobs effectively without fear of disruptions or data breaches.

Educational sector vulnerable to cyberattacks due to multiple factors

There are several factors that make the education industry especially vulnerable to cyberattacks, including:

  • BYOD dilemma: The “Bring Your Own Device” culture poses security challenges by adding unmanaged devices to the network, straining IT resources.
  • Complex infrastructure: Diverse devices, decentralized IT management, and inconsistent security practices create a sprawling attack surface with vulnerabilities.
  • Data trove: Huge volumes of sensitive student data (PII, research, IP) attract attackers seeking data breaches and identity theft, amplified by online collaboration and open internet access.
  • Exposed systems & services: Publicly accessible network devices like servers, building management systems, access systems, and cameras lack proper security, increasing risk.
  • Resource scarcity: Limited budgets hinder investments in cybersecurity software and staff, leaving critical systems under-protected.
  • Legacy risks: Outdated IT systems remain vulnerable to exploitation due to lack of updates and security patches.

Trustwave SpiderLabs’ latest research delves into the attack flow employed by threat groups, shedding light on their tactics, techniques, and procedures. The education sector faces significant cybersecurity risks, ranging from job offer scams targeting students to the critical exposure of networked devices due to vulnerabilities in public-facing applications.

Students are being preyed upon with fake job offers that promise lucrative opportunities, high compensation, and flexible working hours. Sometimes, students receive a fraudulent cheque with instructions to deposit it and forward a portion of the funds elsewhere.

“The education sector faces an incredible challenge in navigating a diverse and fluid attack surface with increasing financial pressures, leaving little room for error as digital leaders aim to sustain resilience to threats,” said Trustwave CISO Kory Daniels.

“Student, staff, alumni, and professor data each provide different lures and motivators for threat actors to maliciously target the institution, or the individuals affiliated. Our latest threat briefing serves as a vital resource for cyber defenders, equipping them with actionable insights in navigating the latest threats and defenses of their students, staff, and data,” Daniels continued.

Emerging and prominent trends

Trustwave SpiderLabs found significant exposure of critical systems and devices such as public file servers, printers, collaboration systems, and systems storing sensitive data. Shodan analysis and scans revealed over 1.8 million devices related to the education industry being publicly exposed.

The education sector, like many others, relies heavily on third-party vendors such as software-as-a-service, hosting providers, storage, and IT services for various functions, including learning management systems, email, and communication and collaboration tools.

These third parties pose a grave risk to the education sector because of undiscovered or un-remediated gaps in their cybersecurity controls or data breach protection. Breaches not only impact the directly targeted institution, but can also have a ripple effect across numerous educational entities relying on the same third-party services.

Ransomware attacks striking the education industry are prominent and growing. For example, in 2023, Trustwave researchers monitored 352 ransomware claims against educational institutions. The threat group LockBit accounted for 30% of ransomware incidents targeting the education sector.

Apache Log4j (CVE-2021-44228) continues to be the most common exploit attempt against educational institutions, accounting for 74% of attempts.
