FBI and CISA issued a joint warning on increased hacking attacks in the K-12 educational system of USA. The K-12 covers, as they say in the USA, the education "from kindergarten to 12th grade", that is primary and secondary education. According to the FBI and CISA, the schools K-12 are often found in target ransomware attacks and breaches data, while the interruption of distance education services.
"As of December 2020, the FBI, CISA, and MS-ISAC continue to receive reports from K-12 educational institutions about the cessation of distance education services by cybercriminals.", States the warning.
"Cybercriminals probably consider schools an easy target and these types of attacks are expected to continue until the 2020/2021 academic year", He added.
According to the CISA and the FBI, the biggest threat to schools was ransomware attacks.
"According to MS-ISAC data, the rate of reported ransomware attacks against K-12 schools increased at the beginning of the 2020 school year", Said the two services.
"In August and September, 57% of ransomware cases reported to MS-ISAC involved K-12 schools", The services also said.
These numbers are also in line with a recent one her report Emsisoft, which reported that ransomware attacks in the education sector increased significantly in the third quarter of 2020.
The five most active ransomware groups targeting K-12 schools this year were: Ryuk, Maze, Nefilim, AKO and Sodinokibi / Revil.
The worry is that all of these groups operate leak sites data. The hackers they usually report the data they have stolen when the victims choose not to pay the ransom. They can, however, leak them even if they are paid. This means that student data may be exposed on the internet.
Ransomware was not the only threat to the K-12 training program. The CISA and the FBI have said that "commodity malware" also targets their school networks. USA.
The most common malware found on school networks is ZeuS trojan (or Zloader) (Windows) and Shlayer loader (macOS).
The presence of these malware should be taken seriously as it can lead to bigger attacks.
DDoS attacks and interrupt educational teleconferencing
According to the FBI and CISA, they are also quite common DDoS attacks and interruptions of teleconferencing (also known as Zoom bombing).
With education increasingly based on the internet (given the circumstances), DDoS attacks are a favorite attack both by criminals attacking to demand ransom, as well as by the students themselves, trying to escape the online lessons.
Both Check Point As well as the Kaspersky have already said that DDoS attacks on educational institutions have increased worldwide.
With regard to teleconference breaks, these have been a problem for schools since March 2020.
Η warning published by the two services also includes a long list of measures that K-12 schools and anyone else can implement to prevent such attacks.