US School Systems Keep Getting Hacked: How and Why

Cybersecurity attacks in the education sector are increasing rapidly and show no signs of slowing down. These disruptive events are costly to schools, shutting down entire networks and compromising enormous amounts of personally identifiable student and staff data. Data theft, ransomware, and DDoS attacks are the top threat vectors used to target school systems. Cyberattacks on the education sector cripple infrastructure and lead to long-term damage, such as identity theft, theft of intellectual property, and more.

As epicenters for exchanging knowledge and ideas, school systems with limited cybersecurity capabilities and constrained resources are often vulnerable to opportunistic targeting by cyber threat actors. For example, the cyberattack on the Los Angeles Unified School District, which compromised confidential data of over 400,000 students, is a recent security incident that has increased latent cybersecurity concerns.

Unfortunately, poor funding and failure to prioritize cybersecurity have made the education sector the least secure industry with the highest number of vulnerabilities. The harsh reality, though, is that school systems are responsible for protecting their students but are falling short.

Why are school systems such a prime target for cyber attacks, and how can we course-correct?

What Makes School Systems Prime Targets? 

School systems are privy to massive amounts of personal data. For students, records consist of demographic information, disabilities and Individual Education Plans (IEPs), mental health and medical history, counseling records, and more. For teachers and administrators, this also includes salary information, HR records, and other private data.

Further, schools are more reliant on technology than ever, largely due to the COVID-19 pandemic and the increase of EdTech software used both in and outside of the classroom. This dramatically increases the ability of cybercriminals to infiltrate the school’s network, users, devices, and cloud applications, providing access to a wide array of additional targets, including the EdTech software itself and its respective customers. Without proper security controls and a robust security awareness training program, newer technologies only widen the attack surface.

Cyber Threats Leveraged Against School Systems 

Some common cyber threats against school systems include social engineering attacks such as phishing, as well as ransomware, DDoS, and IoT attacks. In addition, human error, stemming not necessarily from careless behavior but from a misunderstanding of cybersecurity as a process, is also responsible for many cyberattacks in school systems.

Top Three Examples of Recent Incidents and Their Impact 

1) In September 2022, the cyberattack on the Los Angeles Unified School District caused significant disruption to the system’s infrastructure and compromised the private data of over 400,000 students. According to officials, although sensitive information like Social Security numbers was secure, the threat actors may have stolen student information like grades or disciplinary records.

2) In May 2022, the Chicago Public Schools suffered a massive data breach that exposed four years’ worth of records of over 500,000 students and nearly 60,000 employees. According to CPS, a ransomware attack on the server of non-profit technology organization Battelle for Kids compromised CPS student information like the course and assessment details for teacher evaluations.

3) The notorious ransomware group Conti executed a ransomware attack on Florida’s Broward County School District between November 2020 and March 2021; the threat actors published the stolen files when the district refused to pay a $40 million ransom. The published files contain all details of Broward School District accounting and financial records, including invoices, purchase orders, travel and reimbursement forms, and Social Security numbers.

Tactics, Techniques, and Procedures (TTPs) Used Against School Systems 

Threat actors typically rely on social engineering (phishing) tactics, software vulnerability exploitation (malware attacks), formjacking, DDoS, and ransomware attacks to compromise school systems. In addition, they deploy these tactics, techniques, and procedures (TTPs) to encrypt networks, compromise system access, and steal and sell personally identifiable information on the dark web.

On the other hand, school districts collaborating with managed security service providers (MSSPs) can leverage the known TTPs of threat actors to identify patterns of behavior that can help defend against specific strategies and attack vectors employed by the threat actors. 

Additionally, following the ongoing cyber threat and vulnerability research from private and public security research bodies such as MITRE, school systems can establish a proactive posture by devising a detective, preventive, and corrective plan using automated and human-verifiable security controls to secure their infrastructure. 

Actionable Cybersecurity Solutions

Protecting data, services, and users within school systems and educational institutions is a challenge that requires a coordinated strategy. It is necessary to find a solution by keeping in mind the complexity of the cyber threat landscape and the limitation of resources. 

How can school systems defend themselves against cyber attacks?

1) Provide robust security awareness training for educators, administrators, and all other school employees. In addition, regular briefings on the latest security risks help organizations respond intelligently to data breaches, ransomware, and phishing attacks (and stay aware of the very real consequences).

2) Set up perimeter security, consisting of network firewalls, web filters, email protection, and application firewalls to help improve the security posture of school systems. To create an extra level of protection, consider solutions around intrusion detection, data backup, and anti-malware to help catch any perimeter security breaches.

3) Find an appropriate threat detection and incident response solution, like an extended detection and response (XDR) product. XDR tools bring in data from across an IT environment to create a holistic security operations system. They deliver visibility across all data, including endpoint, network, SaaS, and cloud data, to make it easier to detect and respond to threats.

4) Find a reliable cybersecurity partner that best understands your school and its needs. The education sector is unique, and any vendor you choose should have an intimate understanding of your desired security outcomes. By implementing modern, trusted security solutions, you have the tools to address cybersecurity challenges and increase cybersecurity resilience across people, processes, and technology.
