Schools

Published on Friday, 02 August 2019 09:00

CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments.


OVERVIEW

Academic institutions around the world are increasingly being targeted by hackers, it appears. The cyber-attacks range from ransomware to ones that seek out sensitive research data the institutions may have. Close to home, the Advanced Persistent Threat (APT) attacks on Singapore’s universities in April 2017 were carefully planned, and the objective may have been to steal information related to government and research. According to a report by the US-based Ponemon Institute, which conducts research on privacy, data protection and information security, the education sector saw one of the highest per capita data breach costs at US$260 for each record containing sensitive data, just behind the health industry (US$369), in the survey across 16 industries in 12 countries.

The “attack surface” can only be expected to grow, as schools continue to leverage digital resources to make learning more engaging. Accordingly, and in tandem, students and teachers need to be schooled on cyber hygiene, so as not to fall prey to the cyber-attackers, or be the weakest link in the school’s system. Most of the breaches today are still largely a result of human error, such as clicking on that suspicious attachment or Web link, and exposing themselves or the school system to malicious cyber-attacks. Parents can play an active role too by knowing what good cybersecurity habits are, and cultivating safe online practices at home.

schools

REPORTS

WHAT MAKES SCHOOLS SUCH AS UNIVERSITIES VULNERABLE TO CYBER-ATTACKS

Universities around the world have consistently been the target of cyber-attacks over the years. Their large and porous networks (that are also often connected to the Internet), and their research work and links to government, make them attractive targets.

Observers also suggested that universities are more easily attacked as they do not allocate sufficient resources for IT security. This is seen from Africa to UK and US. In the US for instance, hackers were discovered to be lurking in several schools in Florida in September 2016, about two months before the US presidential election. They were reportedly looking not only for students’ personal information, but also ways to get into other sensitive government systems, including state voting systems.

Experts say that academic institutions can better protect themselves against cyber-attacks by conducting frequent patching of computer systems, vulnerability assessment and penetration testing, as well as raising security awareness among students and faculty.

Read on by clicking on the story below:


SCHOOL WEBSITES TARGETED BY HACKTIVISTS TO PROMOTE CAUSES

Pro-ISIS hackers hijacked the websites of roughly 800 U.S. schools and educational districts in November 2017, after compromising their web-hosting provider, various news outlets reported. The hacking group Team System Dz claimed responsibility for the cyber-attack, which redirected users to a website displaying ISIS messages and a recruitment video, as well as an image of former Iraqi president Saddam Hussein.

The websites' hosting services provider, SchoolDesk, confirmed the attack involved modifying some codes within the SchoolDesk websites, which redirected approximately 800 school and district websites to a YouTube page containing an audible Arabic message, some writings and a picture of Saddam Hussein.

Read on by clicking on the story below:


HACKERS PREY ON FAMILY MEMBERS OF STUDENTS AND STAFF

An entire school district in Montana, USA, shut down for three days after hackers, who called themselves The Dark Overlord, targeted several schools with cyber threats between September and October 2017. Local investigators believe the hackers infiltrated the Columbia Falls school district's server and obtained sensitive information of current and past students, parents and staff members including their names, addresses and medical records.

The hackers then began sending extremely graphic, threatening messages via text and e-mail to students, families and staff members over the weekend. They also sent the school board a ransom note demanding Bitcoin as ransom in exchange for not releasing the stolen data. The hacker group was previously responsible for leaking new episodes of Netflix’s “Orange Is the New Black” in April despite receiving a ransom payment of 50 Bitcoins (then valued at about USD50,000) from the post-production company who worked on the show.

Read on by clicking on the story below:


HACKERS CAN STRIKE SCHOOLS THROUGH CONNECTED SYSTEMS SUCH AS PRINTERS

At least 55 schools in Taiwan have been targeted and attacked by hackers demanding bitcoin ransoms since the start of 2017. For instance, between February and March 2017, nine schools in Hualien, eastern Taiwan, were attacked through their networked printers. The hackers had threatened to destroy the schools’ computer systems unless they made a payment of eight Bitcoins (then valued at about USD9,600). The local authority said hackers managed to commandeer the printers at the nine schools, and caused them to repeatedly print a threatening message in English demanding the schools make the payment or suffer the consequences. The schools have subsequently been told to install passwords on their printers and to buy anti-virus software to block cyber-attacks.

Read on by clicking on the story below:


QUICK BYTES

BACK-TO-SCHOOL SEASON A GREAT OPPORTUNITY FOR HACKERS, UNIVERSITIES ON ALERT TO KEEP SCHOOL NETWORKS SAFE

August marks the back-to-school season for most universities. But the start of the semester may also be the most vulnerable time for a campus network, with new students coming in with their own (potentially infected) computers. Schools have to make sure their systems do not get compromised inadvertently. With Carnegie Mellon University network receiving 1,000 attacks a minute on a regular day, all students are required to take a tech literacy course with a focus on cybersecurity. The school also runs monthly phishing campaigns and those who fall into the trap will have to go for training.

Read on by clicking on the story below:


PARENTS CAN PROTECT THEIR CHILDREN BY LEARNING, THEN TEACHING ABOUT INTERNET SAFETY

The Internet can be a wonderful place for kids to learn, play, and chat with their friends. Unfortunately, predators, stalkers and cyberbullies lurk online too, waiting to pounce on the young. It is therefore important for you and your children to be aware of the online dangers and talk to them about responsible Internet use. Not sure how to go about doing so?

Refer to the GoSafeOnline guide by the Cyber Security Awareness Alliance:


SOURCES INCLUDE: University World News, Miami Herald, BBC, International Business Times UK, CSOonline, Focus Taiwan, CNET and GoSafeOnline