Skip to content

Illustration by Security Management

U.S. Agencies Warn of Cyber Actors Targeting Educational Institutions

Malicious actors are targeting kindergarten through 12th grade educational institutions, disrupting distance learning, engaging in ransomware attacks, and stealing data, according to a Joint Cybersecurity Advisory released on Thursday.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released the advisory in response to reports from educational institutions that cyber actors were disrupting their distance learning efforts.

“In these attacks, malicious cyber actors target school computer systems, slowing access, and—in some instances—rendering the systems inaccessible for basic functions, including distance learning,” the advisory said. “Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom.”

Reported ransomware incidents against schools increased at the beginning of 2020 as many districts began distance learning.

“In August and September, 57 percent of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28 percent of all reported ransomware incidents from January through July,” the advisory said.

One of the highest profile ransomware attacks targeted Baltimore County Schools, which was operating remotely this fall. The attack impacted approximately 115,000 students when it crippled the district’s websites, email systems, and grading systems.

The agencies also highlighted the threat of malware against educational institutions, video conferencing disruptions, and distributed denial-of-service (DDoS) attacks that could limit or prevent users from conducting their daily operations.

“The availability of DDoS-for-hire services provides opportunities for any motivated malicious cyber actor to conduct disruptive attacks regardless of experience level,” according to the advisory.

The FBI and CISA said they expect these threats to continue through the course of the academic year, and also warned that malicious actors would attempt to engage in social engineering to exploit students, educators, and parents.

To prevent these types of attacks and disruptions, the agencies recommended educational institutions maintain a business continuity plan to minimize service interruptions and identify operational gaps.

“Through identifying and addressing these gaps, institutions can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies,” the advisory said. “The FBI and CISA suggest K-12 educational institutions review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by cyber actors.”

The two agencies also provided a robust list of best practices, including for network security and management, user awareness, ransomware, and partnerships for educational technology providers.

“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the advisory said. “These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance the risk when determining their cybersecurity investments.”