January 9, 2018

Cyber Attacks and Education. What are the Big Threats?

Malware alert representing threats also in the education sector

By: Brooke C., Director Program Management

Cyber crime, malware and fraud are all terms synonymous with financial institutions and the healthcare industry. But, we forget that these are real threats for all industries – including the education sector.

Cyber Attacks on Education? What do they want?

With cyber crime attacks on the rise in the education sector, you may be wondering what criminals are after? The answer is unsettling. They are after sensitive data, control and money. This could be in the form of student personally identifiable information (PII), proprietary data, non-public research, and more. They want this data to commit fraud, to hold the data hostage, cripple their targets ability to function, and to collect a ransom.

There are many ways in which cyber criminals can commit these acts, but the top threats and exposures are through phishing attacks, ransomware, botnets, insider knowledge, poorly secured devices, and system vulnerabilities. Cyber criminals and hackers are savvy. They are always looking for the easiest path for the biggest payout.

Phishing Attacks

Phishing attacks are a form of social engineering where a cyber criminal will attempt to attain a potential victims personal data through email, phone (vishing), and text (smishing). The cyber criminal will send a phony correspondence that looks very similar to someone or something the potential victim trusts.  For example, this could be a financial institution, University, a known individual, etc.

Phishing attacks in the education sector have been on the rise. While it is common knowledge in the security industry that phishing attacks will spike during the fall and spring back-to-school semester, reports are now indicating that cyber criminals are broadening their targets. This past July the Medical College of Wisconsin fell victim to a spear phishing attack and 9,5000 patients protected medical health information was stolen. Amherst College, Wellesley College, Dartmouth College, and more were targeted in phishing scams this past year. Students received emails with a wide range of phony information. Some appeared to come from their schools’ presidents, contained fake student loan information or bogus on-campus job listings. Some bold phishing emails linked to a fake university website that mirrored the school’s actual site. Students and faculty that fell victim to the scam and gave out sensitive information that put them at risk for fraud, stolen identity, and more.


Ransomware is a type of malicious software that takes hold of a victim’s system and demands that a ransom be paid for the release. Typically, ransomware blocks access to the system of a file set. However, in some circumstances they threaten to release emails, videos, or files, if their ransom demands are not met.

The education sector is racing to the top of the ransomware list as a prime target. These types of attacks have targeted colleges, universitieshigh schools, grade schools and even entire school districts.  Cyber criminals believe the education sector is an easier target than financial institutions, healthcare, and the retail sector. They are betting on poor security measures, decentralized IT-security systems, and vulnerable people who may accidentally open a phishing email containing the ransomware. When it comes to ransomware, cyber criminals demand money for the release of something. There is no guarantee that these criminals  won’t cause havoc once once their demands are met.  An example of this comes from an incident at the Los Angeles Valley College. They were forced to pay $28,000 in Bitcoins due to a ransomware attack. Cyber criminals took control of the campuses email and computer systems for 5 days, only releasing it when the ransom was paid. The criminals then provided a “key” to unlock the files.


Botnets (derived from robot network) are a group of internet connected devices, comprised of servers, computers, mobile devices, etc, that are all infected and controlled remotely by malware. Cyber criminals deploy Trojan viruses to access multiple user devices, take control of each device and align them into a network of “bots”. Botnets are known for conducting DDos attacks (disrupted denial-of-service), releasing spam email campaigns, stealing data, or providing access to more bad actors.

A former Rutgers University Computer-Science student was found guilty of launching a botnet attack that took hold of the Rutgers computer network and many IoT (Internet of Things) devices in the United States.  According to Sam Wood of Security Info Watch, “The malware implanted on the IoT devices was later used to cause one of worst outages in the history of the internet when it was unleashed Oct. 21, 2016.” The software, called Miraj, was created to take control of devices that were not well secured. These devices included routers, security cameras and internet connected baby monitors. Once the malware was on the devices they launched DDoS attacks on the service providers and websites – demanding Bitcoin as payment for their release. The students allowed others to use the botnet for a small fee, thereby expanding and strengthening the range of infected devices, which made it pretty hard to track the Miraj Botnet.

Insider threats

The term Insider threat is a general term referring to all malicious or accidental threats that come from the people within an organization. This encompasses employees, former employees, contract workers, and trusted business partners. The threat can involve fraud, data theft, information or intellectual property theft, sabotage, accidental data and system breach or information loss, and more.

Abundant unsecured personal devices

College campuses and schools are littered with personal devices. Students, faculty and staff all bring a myriad of devices that connect on Wi-Fi. In addition, most college campuses and universities have student centers that are open to the public. These locations allow access to free Wi-Fi and even free computers in some instances. This creates security challenges for schools and universities and makes Wi-Fi users vulnerable to many forms of malicious malware and threats. A perfect example of this is the Rutgers Botnet case that was discussed earlier.

Software and Access Management Vulnerabilities

Software and access management vulnerabilities arise from the multiple levels of permissions required on a college campus. Campus staff, admissions teams, professors and students all require access to similar, if not the same systems. Managing these levels of access can be a monumental task – however it is a necessary one.

How to Stay Safe

Schools, colleges and universities all store a vast amount of student PII and other valuable data. They need to have strong detection and prevention measures in place. They need to maintain visibility into their networks and investigate suspicious activities as soon as they are identified. In addition, they need to constantly educate students, parents, and staff about these vulnerabilities. Understanding the threats, maintaining strong passwords, and questioning something that appears suspicious, can go a long way in keeping everyone safe.