Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

08:00 PM
Connect Directly

Unmanaged Devices Heighten Risks for School Networks

Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K-12 school networks.

A ransomware attack that knocked the Baltimore County Public Schools (BCPS) system offline for several days last week focused attention on the heightened threat activity directed at school networks since the pandemic forced a mass shift to distance learning this year.

A new report from Armis this week suggests that many schools may be making it easier for threat actors to execute such attacks by allowing numerous devices to connect to their network in an insecure and unmanaged fashion.

Related Content:

Pandemic Could Make Schools Bigger Targets of Ransomware Attacks

The Changing Face of Threat Intelligence

New on The Edge: SASE 101: Why All the Buzz?

Armis' report is based on recent engagements with multiple K–12 school districts around the country. In many instances, the vendor found a larger-than-expected and more-varied collection of unmanaged devices connected to the school networks.

One Arizona K–12 school district, for instance, had at least 47 videogame consoles, five Wi-Fi Pineapple devices — often used by pentesting teams — and three rogue access points on its network. Armis discovered many of the consoles were exposing the school district's network to the gaming community. The devices belonged to both students and faculty and presented a major risk because they're relatively easily exploitable if the Universal Plug and Play protocol is enabled on the gaming console, says Curtis Simpson, CISO at Armis.

The Wi-Fi Pineapples and other devices on the network similarly exposed the school district to a wide variety of external threats.

In another school district, Armis discovered as many as 239 connected building automation systems that all had a set of vulnerabilities, collectively referred to as URGENT/11, in them. The remotely exploitable vulnerabilities, which Armis discovered last year, exist in millions of devices running VxWorks and several other real-time operating systems. According to Armis, the school district's security team wasn't aware of the vulnerabilities and the fact that it had so many exploitable devices on its network.

Simpson says it's likely that such building automation system devices were present on school networks before the pandemic began. But the fact that many are left unmonitored presents a risk, especially with the heightened attention that attackers ae paying to school networks. "Attackers will often look to exploit such services or devices within this type of environment, knowing that they are rarely monitored in such a manner that would allow the school system or any other target to identify the compromise," Simpson notes. One school district in Florida had multiple smartphones serving as point-of-sale devices on its network.

Simpson says the biggest difference between school networks before the pandemic began and now is the sheer number of devices that are connected to them. "In many cases, personal devices — versus those issued by the school system — are also being used to access school system networks and services," Simpson says. "These devices are not being managed by the school system and are often missing standard controls — such as modern antivirus — to safeguard against such attacks."

Attacks on school networks such as the one on BCPS last week have surged since the pandemic forced a shift to remote learning at many school districts around the country this year. According to Microsoft, some 63% of the malware attacks that it encountered over the past 30 days have involved devices at educational institutions. A report in April by Armor showed schools and colleges being targeted much more heavily in cyberattacks this year compared with organizations in any other sector.

Security researchers have pointed to several reasons for the surge in attacker interest in school networks. Among them is the fact that school networks remain relatively easy to break into compared with other networks. In a distance-learning environment, attackers have also discovered that schools are likely to more readily accede to ransomware demands that organizations in other sectors.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-18
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
PUBLISHED: 2021-05-18
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.