Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.

Barrett Lyon, Co-Founder and Chief Architect, Netography

November 9, 2020

5 Min Read

The 2020–2021 academic year started not with a bang but with a whimper for some school districts as, instead of welcoming students back to class (albeit virtual classrooms), they found themselves scrambling to combat everything from ransomware to distributed denial-of-service (DDoS) attacks. To wit:

  • Schools in Haywood County, NC, were shut down for several days when the school district fell victim to a ransomware attack that required it to rebuild the entire network and related technology services.

  • Las Vegas' Clark County School District was infected by ransomware that breached the personally identifiable information (PII), including Social Security numbers, of former and current employees.

  • Miami-Dade County Public Schools experienced significant disruptions over the first three days of distance learning, thanks to a series of DDoS attacks allegedly perpetrated by a 16-year-old student. This was not the school district's first rodeo, either — the school system noted it had already experienced more than a dozen DDoS attacks since the start of the school year by the time the student-hacker was arrested.

  • Sandwich Public Schools in Massachusetts were knocked offline by what was initially thought to be a firewall failure but was later discovered to be the result of a DDoS attack. Tyngsboro middle and high schools also came under fire from a DDoS attack initiated by a device brought onto one of the schools' campuses every morning.

While a boon to the ability to educate students during a pandemic, remote-learning platforms and their relatively lax security measures have left educational institutions vulnerable. More worrisome is the fact that school systems, already far less prepared to deal with DDoS attacks thanks to tight IT budgets, will only continue to be in the crosshairs given the growing popularity of easy-to-use DDoS tool kits.

The ABCs
An ounce of prevention is worth a pound of cure and, in the case of DDoS attacks, potentially serious revenue loss or a catastrophic loss of functionality. By understanding the warning signs, educational institutions can go a long way toward protecting themselves against DDoS and similar attacks.

  • Awareness. One of the most important things schools can be doing to protect themselves is to know the warning signs. Typically, if others in your industry have been targeted, your days are numbered. In the current state of play, schools should assume that they will be a target if they haven't already been.

  • Bragging rights. Take advantage of Dark Web monitoring tools to keep tabs on what hackers are saying. Keep an eye on them and take their braggadocio seriously.

  • Check your network for suspicious behavior as hacks will frequently test a network with a few packets before they attack. And, doublecheck that whatever learning platform your institution uses doesn't expose a home user's or school's IP address.

  • Distractions. You don't want to be caught off guard by a second attack while dealing with an initial wave of DDoS attacks, so keep your guard up.

  • Extortion and ransomware notes shouldn't be ignored. Alert the authorities and security providers immediately.

  • Focus on performance issues, including slow persistent network performance when trying to access a website, and monitor device alerts for unavailability.

The middle of a DDoS attack is no time to realize you never got around to updating your disaster recovery plan. The window on capex might have closed for the school year, thereby preventing the purchase of additional security solutions, but there are steps school IT departments should be taking now:

  • Make cybersecurity training mandatory for all employees, and be certain staff knows where to send suspicious emails or whom to contact if they notice any strange activity.

  • Update your disaster recovery plan with current personnel and phone numbers, not just office extensions. Everyone's working from home now, so make sure you have the ability to reach them wherever they are. A disaster recovery plan is only as good as its information, so make sure it's accurate.

  • Be ready to recognize the signs you're under attack and remediate the threats before they take your network offline.

  • Take a page from the football coach's playbook and run practice drills until they become muscle memory. And don't forget to have your entire staff go through the steps as well.

  • Make sure you have an anti-DDoS solution ready. Don't wait until you're under attack to implement it — it might not be as easy as you were told, and it will certainly cost more when you are under attack.

  • Leverage your network, literally and figuratively. Ask both your network and learning platform providers about their DDoS prevention and preparedness measures and see how you might piggyback on those. Keep in mind that larger learning platforms are most likely better equipped to handle an attack.

Lessons Learned
In a time when everyone is trying to make sense out of the senseless, schools are for many a place of near-normalcy, where learning and interaction with one's peers takes precedence, however briefly, over the uncertainty of the world around them. What they should not be is a target for those looking to cause trouble or make a fast buck.

Taking a measured approach to security will mean fewer schoolboy (or girl) errors and ensure that your security solution passes with flying colors.

About the Author(s)

Barrett Lyon

Barrett Lyon

Co-Founder and Chief Architect, Netography

Barrett Lyon is the co-founder and chief architect at Netography. He is also the former founder and CTO of Defense.Net, acquired by F5 Networks and co-founder and CTO of BitGravity, acquired by Tata Communications. Early in his career, Lyon was the founder and CTO of Prolexic Technologies where he created the first successfully managed service to defend enterprises from DDoS attacks, a company later acquired by Akamai.

Lyon holds multiple technology patents and is a pivotal subject in the best-selling cyber-security book, Fatal System Error that is based on his work at Prolexic and his focus on tracking cybercriminals.

He is also the creator of The Opte Project, a visual representation of the Internet, which is displayed in the permanent collection at the Museum of Modern Art in New York City.

See more from Barrett Lyon
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Mitre company logo
Cyberattacks & Data Breaches
Top MITRE ATT&CK Techniques and How to Defend Against ThemTop MITRE ATT&CK Techniques and How to Defend Against Them
byNate Nelson, Contributing Writer
Apr 10, 2024
4 Min Read
A medical professional wearing scrub attire clicking on a screen in front of her
Cyberattacks & Data Breaches
Round 2: Change Healthcare Targeted in Second Ransomware AttackRound 2: Change Healthcare Targeted in Second Ransomware Attack
byDark Reading Staff
Apr 8, 2024
2 Min Read
A magnifying glass being held up in front of the apple logo
Vulnerabilities & Threats
Apple Warns Users in 150 Countries of Mercenary Spyware AttacksApple Warns Users Targeted by Mercenary Spyware
byDark Reading Staff
Apr 11, 2024
1 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events