
Vulnerabilities / Threats

11/9/2020 10:30 AM
Barrett Lyon
Commentary

Preventing and Mitigating DDoS Attacks: It's Elementary

Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.

The 2020–2021 academic year started not with a bang but with a whimper for some school districts as, instead of welcoming students back to class (albeit virtual classrooms), they found themselves scrambling to combat everything from ransomware to distributed denial-of-service (DDoS) attacks. To wit:


  • Schools in Haywood County, NC, were shut down for several days when the school district fell victim to a ransomware attack that required it to rebuild the entire network and related technology services.
  • Las Vegas' Clark County School District was infected by ransomware that breached the personally identifiable information (PII), including Social Security numbers, of former and current employees.
  • Miami-Dade County Public Schools experienced significant disruptions over the first three days of distance learning, thanks to a series of DDoS attacks allegedly perpetrated by a 16-year-old student. This was not the school district's first rodeo, either — the school system noted it had already experienced more than a dozen DDoS attacks since the start of the school year by the time the student-hacker was arrested.
  • Sandwich Public Schools in Massachusetts were knocked offline by what was initially thought to be a firewall failure but was later discovered to be the result of a DDoS attack. Tyngsboro middle and high schools also came under fire from a DDoS attack initiated by a device brought onto one of the schools' campuses every morning.

While a boon to the ability to educate students during a pandemic, remote-learning platforms and their relatively lax security measures have left educational institutions vulnerable. More worrisome is the fact that school systems, already far less prepared to deal with DDoS attacks thanks to tight IT budgets, will only continue to be in the crosshairs given the growing popularity of easy-to-use DDoS tool kits.

The ABCs
An ounce of prevention is worth a pound of cure and, in the case of DDoS attacks, potentially serious revenue loss or a catastrophic loss of functionality. By understanding the warning signs, educational institutions can go a long way toward protecting themselves against DDoS and similar attacks.

  • Awareness. One of the most important things schools can be doing to protect themselves is to know the warning signs. Typically, if others in your industry have been targeted, your days are numbered. In the current state of play, schools should assume that they will be a target if they haven't already been.
  • Bragging rights. Take advantage of Dark Web monitoring tools to keep tabs on what hackers are saying. Keep an eye on them and take their braggadocio seriously.
  • Check your network for suspicious behavior, as attackers will frequently test a network with a few packets before they launch the real attack. And double-check that whatever learning platform your institution uses doesn't expose a home user's or school's IP address.
  • Distractions. You don't want to be caught off guard by a second attack while dealing with an initial wave of DDoS attacks, so keep your guard up.
  • Extortion and ransomware notes shouldn't be ignored. Alert the authorities and security providers immediately.
  • Focus on performance issues, including slow persistent network performance when trying to access a website, and monitor device alerts for unavailability.
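The "check your network" and "focus on performance issues" points above can be turned into a simple detector. This added example (not from the article or its author) runs over a few constructed NetFlow-style records and flags the two warning signs the list describes: previously unseen sources sending only a handful of packets, and a packet-volume surge far above the recent baseline. The thresholds and the IP addresses are assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed flow records: (minute, src_ip, dst_ip, packets). Synthetic data.
FLOWS = [
    # minutes 0-2: steady traffic from a handful of known sources
    *[(m, f"10.0.0.{i}", "203.0.113.10", 120) for m in range(3) for i in range(1, 6)],
    # minute 3: two never-seen sources each send only a few packets (probing)
    (3, "198.51.100.7", "203.0.113.10", 3),
    (3, "198.51.100.8", "203.0.113.10", 2),
    *[(3, f"10.0.0.{i}", "203.0.113.10", 120) for i in range(1, 6)],
    # minute 4: flood from many new sources
    *[(4, f"192.0.2.{i}", "203.0.113.10", 5000) for i in range(1, 40)],
]


def bucket_stats(flows):
    """Aggregate packets per minute and per (minute, source)."""
    pkts = defaultdict(int)                          # minute -> total packets
    per_src = defaultdict(lambda: defaultdict(int))  # minute -> src -> packets
    for minute, src, _dst, packets in flows:
        pkts[minute] += packets
        per_src[minute][src] += packets
    return pkts, per_src


def detect(flows, probe_max_pkts=5, surge_factor=10, baseline_window=3):
    """Return {minute: [alerts]} for the two warning signs:
    'probe' = a source seen for the first time sends <= probe_max_pkts packets;
    'surge' = total packets exceed surge_factor x the mean of recent minutes."""
    pkts, per_src = bucket_stats(flows)
    alerts, seen = {}, set()
    for minute in sorted(pkts):
        history = [pkts[m] for m in range(minute - baseline_window, minute) if m in pkts]
        baseline = mean(history) if history else None
        flagged = []
        new_srcs = set(per_src[minute]) - seen
        probes = sorted(s for s in new_srcs if per_src[minute][s] <= probe_max_pkts)
        if probes:
            flagged.append(("probe", probes))
        if baseline and pkts[minute] > surge_factor * baseline:
            flagged.append(("surge", round(pkts[minute] / baseline, 1)))
        if flagged:
            alerts[minute] = flagged
        seen |= set(per_src[minute])
    return alerts


if __name__ == "__main__":
    for minute, found in detect(FLOWS).items():
        print(f"minute {minute}: {found}")
```

In real deployments the baseline would come from days of history rather than three minutes, and the probe alert is only useful when correlated with a later spike from related sources.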

The middle of a DDoS attack is no time to realize you never got around to updating your disaster recovery plan. The window on capex might have closed for the school year, thereby preventing the purchase of additional security solutions, but there are steps school IT departments should be taking now:

  • Make cybersecurity training mandatory for all employees, and be certain staff knows where to send suspicious emails or whom to contact if they notice any strange activity.
  • Update your disaster recovery plan with current personnel and phone numbers, not just office extensions. Everyone's working from home now, so make sure you have the ability to reach them wherever they are. A disaster recovery plan is only as good as its information, so make sure it's accurate.
  • Be ready to recognize the signs you're under attack and remediate the threats before they take your network offline.
  • Take a page from the football coach's playbook and run practice drills until they become muscle memory. And don't forget to have your entire staff go through the steps as well.
  • Make sure you have an anti-DDoS solution ready. Don't wait until you're under attack to implement it — it might not be as easy as you were told, and it will certainly cost more when you are under attack.
  • Leverage your network, literally and figuratively. Ask both your network and learning platform providers about their DDoS prevention and preparedness measures and see how you might piggyback on those. Keep in mind that larger learning platforms are most likely better equipped to handle an attack.

Lessons Learned
In a time when everyone is trying to make sense out of the senseless, schools are for many a place of near-normalcy, where learning and interaction with one's peers takes precedence, however briefly, over the uncertainty of the world around them. What they should not be is a target for those looking to cause trouble or make a fast buck.

Taking a measured approach to security will mean fewer schoolboy (or girl) errors and ensure that your security solution passes with flying colors.

Barrett Lyon, co-founder and CEO of Netography, is a serial entrepreneur and a well-respected cybersecurity thought leader with experience building leading-edge network services and infrastructure. Lyon and team founded Prolexic, acquired by Akamai, technology that now powers ...