Educational institutions increasingly targeted by spear-phishing attacks, according to new study by security company Barracuda Networks. According to the latest Threat Spotlight analysis released by the company, more than 1.000 schools, colleges and universities encountered more than 3,5 million phishing attacks between June and September 2020.
In addition, more than a quarter of them were BEC attacks. It is an attack method that is twice as likely to be used against educational institutions compared to organizations in other fields. More than 4 in 10 (41%) of all attacks targeting education were spear-phishing, with 28% being fraud attempts and 3% blackmail.
It is worth noting that spear-phishing attacks decreased during the period of July and August when educational institutions were closed. In contrast, these attacks peaked in June (11%) and September (13%)..
Cybercriminals and swindlers are increasingly using his pandemic COVID-19 in phishing emails that send, with subject headings like "COVID-19 NEW UPDATES", "Update for COVID-19 Watch Now", "COVID-19 SCHOOL MEETING" and "Re: Stay Safe".
Barracuda also pointed to the scale of the devastation of these attacks, citing the case of the Texas Manor Independent school district, where spear-phishing attacks resulted in the loss of about $ 2,5 million.
Michael Flouton, vice president of email protection at Barracuda, said malicious cybercriminals have realized that educational institutions usually do not have the same level of security as other organizations and therefore send carefully crafted emails that have designed to deceive unsuspecting and untrained victims so that they can then be leaked sensitively and confidentially data, such as credentials connection, archives containing information about students or payment information.
Flouton added that with the outbreak of the pandemic and the subsequent transition to e-learning, the volume of data stored in servers schools and universities has increased, resulting in a significant increase in the chances of cyber attacks.
So Flouton advises schools and universities to combat this threat by investing in email security with its help. artificial intelligence, which can help identify suspicious senders and requests but also prevent phishing attacks. In addition, account protection, staff and student awareness education and the restructuring of internal policies are necessary steps to be taken to prevent the human error that can trigger such attacks, leading to catastrophic or irreversible consequences.