U.S. warns of increased cyberattacks against K-12 distance learning


K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year.

The alert comes from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) based on reports from K-12 institutions incurring cyberattacks.

Ransomware attacks

In a joint advisory today, the three government agencies are warning that ransomware, malware delivery, and DDoS attacks are the main threats for K-12 educational institutions.

Ransomware attacks in the education sector have increased at the beginning of the school year, with cybercriminals stealing data and threatening to leak it unless the ransom is paid (just like in the case of targets in the business and industry sector).

“In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July” – FBI, CISA, MS-ISAC joint advisory

Based on data aggregated from both open-source and third-party incident reports, the most prevalent ransomware families affecting K-12 institutions between January and September were Ryuk, Maze, Nefilim, AKO, and REvil.

Opportunistic attacks

Non-targeted attacks against this sector delivered multiple malware strains, the most common ones being Shlayer, ZeuS, Agent Tesla, NanoCore, and cryptocurrency miners.


Shlayer is malware for macOS that continues to evolve. Recently, its authors came up with a trick that bypasses Apple’s scanning for malicious code and code-signing issues in software running on macOS 10.15 (Catalina) and above.

Last year, Kaspersky security solutions for Mac detected Shlayer on 1 in 10 systems and this malware strain accounted for 30% of all detections on Apple computers.

ZeuS is a long-standing trojan (first detected in 2007) that has turned into an information stealer (banking/financial information, credentials).

Agent Tesla and NanoCore are an off-the-shelf information stealer and a remote access tool, both a common tool in business…