Dark Reading is part of the Informa Tech Division of Informa PLC



9/9/2020
06:55 PM

Ransomware Attacks Disrupt School Reopenings

A flurry of recent attacks is complicating attempts to deliver classes online at some schools in different parts of the country.

School reopenings — already bogged down by concerns over the COVID-19 pandemic — are being further complicated by targeted ransomware and denial-of-service attacks.

This week, Hartford Public Schools (HPS) in Connecticut became the latest to announce a ransomware attack, which in its case forced school reopening to be delayed by one day. School officials said multiple critical systems had been knocked offline by the attack, including one used to communicate transportation routes to the district's bus company. That prevented the district from operating schools on Tuesday as scheduled, HPS said.


Multiple other school districts have reported similar incidents in recent days. On Tuesday, the Clark County School District in Las Vegas said some of its systems had been infected with ransomware on Aug. 27. The incident impacted systems containing current and former employee data, according to the school district.

Last month, Hayward County Schools in North Carolina was forced to discontinue online classes for students for several days — including opening day — following a ransomware attack. More than a week after the intrusion, many services remained unavailable, and school officials warned that restoration work could take several weeks. They later announced the attack had also resulted in sensitive data potentially belonging to employees and students being compromised. Similarly, school reopening at Oklahoma's Ponca City School system was delayed by a week last month after a ransomware attack crippled the district's ability to deliver online classes.

The flurry of ransomware attacks — like almost every other cyber threat over the past several months — is being driven by the hasty switch to remote learning triggered by the COVID-19 pandemic. School systems, which even before the pandemic had to contend with tight IT budgets, have just not had the time or resources to implement defenses for countering new cyber threats tied to the pandemic, security experts say.

"[The pandemic] has forced the use of many technologies the schools have never used before. Most of the services and systems making remote learning are completely brand new to them," says W. Curtis Preston, chief technical evangelist at Druva. "So the already existent problems presented by underfunding and the ability to only deliver basic IT services have increased by an order of magnitude in light of the pandemic."

Scott Gordon, chief marketing officer at Pulse Secure, likens the heightened threat that schools face to the increased threat that most organizations in general have experienced in the past several months. He points to a recent study conducted by Pulse that showed 80% of organizations have experienced greater malware issues with the recent expansion of remote computing.

"The move to a digital classroom mimics the increase in threats that other industries are coping [with] as they enable a hybrid and flexible workplace," Gordon says.

According to Gordon, while many schools have defenses aligned to monitor, protect, and prepare for recovery of their critical assets, others don't because of budget and resource considerations. As a result, "remote access exposures have grown due to vulnerable endpoints, phishing, and at-risk connectivity," he notes.

The surge in attacks on schools is not entirely unexpected. A study that Armor conducted back in April showed at least 284 entities across 17 school districts and colleges were hit in ransomware attacks between Jan. 1 and April 8 alone. At the time, the security vendor had predicted an increase in such attacks in the following months. A previous Armor study found over 1,000 schools were hit in ransomware attacks last year.

Druva's Preston says the attacks heighten the need for better data backup practices at schools.

"The one thing they all must do is to back up anything they are doing to a system that separates backups from any attacks," he says.

The DDoS Threat
Ransomware is not the only concern that schools face as they prepare for an academic year where most courses will be delivered online. Distributed denial-of-service (DDoS) attacks are another major concern. According to security vendor Kaspersky, DDoS attacks targeting schools and other educational institutions surged between 350% and 500% each month between February and June 2020 compared with the same period last year.

"For the last half a year, we have seen the number of attacks on educational and government resources grow faster than on other kinds of resources," says Alexander Gutnikov, a DDoS expert at Kaspersky.

So far at least, most of the attacks on these organizations have been politically motivated or plain acts of hooliganism, he says. But that could soon change as well.

Late last month, the FBI warned about criminals claiming to belong to the Russia-based Fancy Bear cyber espionage group conducting ransom DoS attacks on financial institutions and organizations in other sectors. In many of the attacks — which started last month — the threat actors have asked targeted organizations to pay a demanded ransom amount within one week or face the prospect of a major DoS attack. Most of those targeted in these attacks did not report any additional activity after the deadline passed, or they successfully mitigated the threat, the FBI said.

There is some concern that similar attacks could be directed at school systems, which are far less prepared to deal with DoS attacks than financial organizations.

Barrett Lyon, CEO of security vendor Netography, says the rushed move to remote learning and the comparative lack of preparedness among schools to deal with related cyber threats have left many vulnerable to cyberattack.

"Schools are sitting ducks" for cybercriminals, he says. Because any attack that disrupts a school's ability to deliver classes online would be chaotic in present circumstances, criminals know it is easy to shake them down, Barrett says.

Significantly, it's not just criminals whom schools need to contend with. Almost anyone — including students — who wants to disrupt online course delivery is a threat, he says.

One example is a 16-year-old student in Florida who launched eight DDoS attacks on networks belonging to the Miami-Dade Public Schools system. The August attacks were designed to overwhelm the school district network and disrupt its ability to deliver classes online. Florida law-enforcement authorities arrested the student earlier this month and charged him with a third-degree felony count and a second-degree misdemeanor charge.

Barrett says he expects such attacks will continue.

"A lot of schools are not equipped to deal even with basic DDoS attacks," he says.

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
 
