Page 112 - Security Today, March 2020
P. 112

“The attackers know that the services these organizations provide are critical to their communities, and they also know that schools are typically more vulnerable to security attacks because of their limited bud- gets and lack of IT staff,” said Chris Hinkley, Armor’s head of the Threat Resistance Unit (TRU) research team. “This combination can give the threat actors a tremendous advan- tage over their victims because they know these entities cannot afford to shut down and are often more likely to pay the ransom.”
In September alone, just as back-to-school efforts were underway, 11 school districts discovered ransomware, forcing several to delay the first day of classes. Flagstaff Unified School District in Arizona and Monroe- Woodbury Central School District in Orange County, N.Y. both delayed classes for several days. Other schools simply resorted to taking attendance on paper and teaching class with- out technology until systems were restored. While delayed only a few days in most cases, it was a difficult way to start a new year and did little to build confidence among parents.
Richmond Community Schools in Michi- gan and Pittsburg Unified School District in California both reported in January that malware had infected their networks over the holiday winter break. Richmond Com- munity Schools extended the break while officials addressed the attack. Pittsburg Superintendent Janet Schulze posted a state- ment on Facebook that their schools would “be teaching and learning like ‘back in the day,’ without laptops and Internet.”
While this was the response from several school districts this academic year when faced with a ransomware infection – to literally go “old school” – these attacks are more than just a nuisance. They also damage the trust of par- ents in the communities where they occur and can create difficult budgeting decisions for already cash-strapped districts.
Just show the stark difference in the num- ber of ransomware attacks which occurred within the education sector in 2018 as com- pared to 2019. According to the K-12 Cyber- security Resource Center, K-12 schools experienced 119 cyber incidents in 2018. Among those 119 incidents, only 9.76 per- cent (11) were attributed to ransomware.
Ransomware attacks have definitely become much more prolific in the past 12 months, and security defenders believe one reason is because the attacks have become more targeted and, as a result, more lucra- tive. While many of the ransomware attacks launched prior to FY2019 consisted of the spray-and-pray variety, the hackers seem to have discovered new techniques and strate- gies whereby they are going after larger and more sensitive targets.
These targets include businesses and pub- lic entities which are naturally sensitive to negative incidents that affect business conti-
nuity, revenue, public confidence and safety. In addition to educational institutions, other victim industry sectors include municipali- ties (89), healthcare organizations (47) and managed service providers (MSPs)/cloud- based service providers (20).
What’s more, the adoption of cyber insur- ance and what appears to be an increase in ransom payouts may be fueling attacks. A number of high-profile ransom payments, whether paid by the victim organization or by their cyber insurance policy, occurred in 2019. Sixteen U.S. organizations publicly reported paying a ransom last year, one of which was the Rockville Centre School Dis- trict on Long Island, which paid $88,000 to ransomware hackers. In all, 16 total victims publicly reported paying about $2.3 million total to hackers last year.
Hinkley believes many more payouts have been made, but have not been disclosed due to concern over optics. Until last year, most ransomware payments rarely topped six-fig- ure status unless demanded of large corpo- rate entities. Crowder College in Neosha, Missouri saw a $1.6 million ransom demand in July 2019 following an attack, while hack- ers that seized the files of Monroe College in New York demanded $2 million. The largest ransom demand of the year was asked of Vir- tual Care Provider, Inc., a Milwaukee-owned network of 110 nursing homes and acute care facilities. Hackers demanded $14 million in bitcoin to release their critical patient files.
Most ransomware before 2019 focused on encrypting data rather than stealing it for later use. Unfortunately, the threat actors behind ransomware families such as Sodin, Maze and Ako have begun stealing data, threatening to release victims’ data publicly in the event they refuse to pay.
What should schools do to protect them- selves from ransomware attacks? School Chief Information Security Officers (CISOs) and IT managers should absolutely imple- ment offline, backup procedures and keep those backups air-gapped from the internet and password protected.
Officials should also patch and update their software frequently and consider invest- ing in additional security layers such as end- point protection, file integrity monitoring and IP reputation monitoring. Most impor- tantly, educational institutions should con- duct continuous security awareness training with school administrators and teachers to reduce the number of infections through phishing and spear phishing campaigns.
The one lesson everyone should learn is that these ransomware attacks are pervasive and are more than just mere class disrup- tions. Security and IT administrators of school districts should include ransomware protection at the top of their curriculum for the rest of the academic year.
Michael Mayes is the senior content writer and research specialist at Armor.
Cyber Attacks
Zephyr_p/Shutterstock.com
26 campuslifesecurity.com | MARCH/APRIL 2020


































































































   110   111   112   113   114