
10:30 AM
Barrett Lyon

Preventing and Mitigating DDoS Attacks: It's Elementary

Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.

The 2020–2021 academic year started not with a bang but with a whimper for some school districts as, instead of welcoming students back to class (albeit virtual classrooms), they found themselves scrambling to combat everything from ransomware to distributed denial-of-service (DDoS) attacks. To wit:


  • Schools in Haywood County, NC, were shut down for several days when the school district fell victim to a ransomware attack that required it to rebuild the entire network and related technology services.
  • Las Vegas' Clark County School District was infected by ransomware that breached the personally identifiable information (PII), including Social Security numbers, of former and current employees.
  • Miami-Dade County Public Schools experienced significant disruptions over the first three days of distance learning, thanks to a series of DDoS attacks allegedly perpetrated by a 16-year-old student. This was not the school district's first rodeo, either — the school system noted it had already experienced more than a dozen DDoS attacks since the start of the school year by the time the student-hacker was arrested.
  • Sandwich Public Schools in Massachusetts were knocked offline by what was initially thought to be a firewall failure but was later discovered to be the result of a DDoS attack. Tyngsboro middle and high schools also came under fire from a DDoS attack initiated by a device brought onto one of the schools' campuses every morning.

While a boon to the ability to educate students during a pandemic, remote-learning platforms and their relatively lax security measures have left educational institutions vulnerable. More worrisome is the fact that school systems, already far less prepared to deal with DDoS attacks thanks to tight IT budgets, will only continue to be in the crosshairs given the growing popularity of easy-to-use DDoS tool kits.

The ABCs
An ounce of prevention is worth a pound of cure and, in the case of DDoS attacks, potentially serious revenue loss or a catastrophic loss of functionality. By understanding the warning signs, educational institutions can go a long way toward protecting themselves against DDoS and similar attacks.

  • Awareness. One of the most important things schools can be doing to protect themselves is to know the warning signs. Typically, if others in your industry have been targeted, your days are numbered. In the current state of play, schools should assume that they will be a target if they haven't already been.
  • Bragging rights. Take advantage of Dark Web monitoring tools to keep tabs on what hackers are saying. Keep an eye on them and take their braggadocio seriously.
  • Check your network for suspicious behavior, as attackers will frequently test a network with a few packets before they attack. And double-check that whatever learning platform your institution uses doesn't expose a home user's or school's IP address.
  • Distractions. You don't want to be caught off guard by a second attack while dealing with an initial wave of DDoS attacks, so keep your guard up.
  • Extortion and ransomware notes shouldn't be ignored. Alert the authorities and security providers immediately.
  • Focus on performance issues, including slow persistent network performance when trying to access a website, and monitor device alerts for unavailability.
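One way a school IT team could turn the "check your network" and "focus on performance" warning signs above into an automated check over its own flow logs, as an added example that is not part of the article: it establishes a quiet baseline, flags new sources that send only a handful of packets before any surge (the probing the article describes), and then flags the surge minutes themselves. The per-minute flow records, the IP addresses and the thresholds are constructed assumptions, not real traffic.

```python
from collections import defaultdict

# Constructed sample of per-minute flow summaries: (minute, src_ip, dst_ip, packets).
# Minutes 0-4 are a quiet baseline, minute 5 carries a few probe packets from
# previously unseen sources, minutes 6-7 are the volumetric surge.
FLOWS = [
    (0, "10.0.0.5", "192.0.2.10", 120), (1, "10.0.0.5", "192.0.2.10", 110),
    (2, "10.0.0.7", "192.0.2.10", 130), (3, "10.0.0.5", "192.0.2.10", 125),
    (4, "10.0.0.7", "192.0.2.10", 115),
    (5, "203.0.113.4", "192.0.2.10", 2), (5, "203.0.113.9", "192.0.2.10", 3),
    (5, "10.0.0.5", "192.0.2.10", 118),
    (6, "203.0.113.4", "192.0.2.10", 9000), (6, "203.0.113.9", "192.0.2.10", 8500),
    (6, "198.51.100.2", "192.0.2.10", 7000),
    (7, "203.0.113.4", "192.0.2.10", 9500), (7, "198.51.100.2", "192.0.2.10", 7200),
]


def per_minute(flows):
    """Aggregate total packets and the set of distinct sources for each minute."""
    pkts, srcs = defaultdict(int), defaultdict(set)
    for minute, src, _dst, packets in flows:
        pkts[minute] += packets
        srcs[minute].add(src)
    return pkts, srcs


def detect_signals(flows, baseline_minutes=5, probe_max_pkts=5, surge_factor=10):
    """Return (probes, surge_minutes, confirmed).

    probes: {src_ip: minute} for sources not seen in the baseline that sent at most
            probe_max_pkts packets before the first surge (the "few test packets").
    surge_minutes: minutes whose packet total exceeds surge_factor x baseline rate.
    confirmed: probe sources that later take part in a surge minute.
    Thresholds are assumed values; tune them to the site's real baseline.
    """
    pkts, srcs = per_minute(flows)
    base_minutes = sorted(pkts)[:baseline_minutes]
    baseline = sum(pkts[m] for m in base_minutes) / len(base_minutes)
    surge_minutes = sorted(m for m in pkts if pkts[m] > surge_factor * baseline)
    first_surge = surge_minutes[0] if surge_minutes else float("inf")
    known = set().union(*(srcs[m] for m in base_minutes))
    probes = {}
    for minute, src, _dst, packets in flows:
        if minute < first_surge and src not in known and packets <= probe_max_pkts:
            probes[src] = minute
    confirmed = sorted(p for p in probes if any(p in srcs[m] for m in surge_minutes))
    return probes, surge_minutes, confirmed


if __name__ == "__main__":
    print(detect_signals(FLOWS))
```

The probe signal is the one worth alerting on early: it arrives while the network is still healthy, before the performance symptoms the article lists become visible.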

The middle of a DDoS attack is no time to realize you never got around to updating your disaster recovery plan. The window on capex might have closed for the school year, thereby preventing the purchase of additional security solutions, but there are steps school IT departments should be taking now:

  • Make cybersecurity training mandatory for all employees, and be certain staff knows where to send suspicious emails or whom to contact if they notice any strange activity.
  • Update your disaster recovery plan with current personnel and phone numbers, not just office extensions. Everyone's working from home now, so make sure you have the ability to reach them wherever they are. A disaster recovery plan is only as good as its information, so make sure it's accurate.
  • Be ready to recognize the signs you're under attack and remediate the threats before they take your network offline.
  • Take a page from the football coach's playbook and run practice drills until they become muscle memory. And don't forget to have your entire staff go through the steps as well.
  • Make sure you have an anti-DDoS solution ready. Don't wait until you're under attack to implement it — it might not be as easy as you were told, and it will certainly cost more when you are under attack.
  • Leverage your network, literally and figuratively. Ask both your network and learning platform providers about their DDoS prevention and preparedness measures and see how you might piggyback on those. Keep in mind that larger learning platforms are most likely better equipped to handle an attack.

Lessons Learned
In a time when everyone is trying to make sense out of the senseless, schools are for many a place of near-normalcy, where learning and interaction with one's peers takes precedence, however briefly, over the uncertainty of the world around them. What they should not be is a target for those looking to cause trouble or make a fast buck.

Taking a measured approach to security will mean fewer schoolboy (or girl) errors and ensure that your security solution passes with flying colors.

Barrett Lyon, co-founder and CEO of Netography, is a serial entrepreneur and a well-respected cybersecurity thought leader with experience building leading-edge network services and infrastructure. Lyon and team founded Prolexic, acquired by Akamai, technology that now powers ...
