Among ransomware attacks reported to a government-funded center that tracks such attacks on state, local and tribal governments and schools, 57 percent hit K-12 institutions in August and September, according to an alert from the FBI and the Department of Homeland Security. That’s up from just 28 percent during the period from January to July.
The spike underscores how hackers have sought to profit by attacking the most strained and vulnerable institutions during the pandemic, including hospitals and local governments in addition to schools. It’s also a heavy burden on students who are already starting the academic year behind after the coronavirus wreaked havoc on last year’s schooling.
“It adds insult to injury. It disrupts teaching and learning even more than the pandemic has, so kids fall further behind,” Douglas A. Levin, founder of the K-12 Cybersecurity Resource Center, told me. “It just adds stress upon stress because when kids are already learning from home, there’s no Plan B.”
Why are hackers targeting schools? Because that’s where the money is.
Schools were already dramatically increasing their use of technology even before the pandemic forced them to shift to online learning. But, because of strapped budgets, they often haven’t invested enough in basic cybersecurity protections.
They’re also more likely than other organizations to have invested in insurance policies that will pay out in the event of ransomware attacks, Dukes said, making them more capable of paying ransoms that can cost tens or hundreds of thousands of dollars.
With coronavirus cases spiking across the nation, it’s a problem that is likely to last well into 2021.
“Criminals are opportunistic, and they’re looking for a payout,” Curtis W. Dukes, executive vice president of the Center for Internet Security, told me. CIS compiled the data on ransomware attacks and helps schools and state and local governments protect themselves against hacking under a contract with DHS.
And because an attack makes distance learning difficult or impossible, disrupting the lives of thousands of students and parents, there’s a lot of pressure for schools to pay up quickly.
“The increased reliance on technology due to covid has decreased the resilience of school districts [against hacking] and increased the threats they’re facing,” said Levin, who is also president and founder of the consultancy EdTech Strategies. “But the fact is, schools have been relying on technology more and more and cybersecurity has not been a priority. This is just a continuation of trends that began in prior years.”
Increasingly, hackers aren’t just holding schools’ computers for ransom, they’re also stealing their data.
That data, which includes the personal information of teachers, staff and students, can be an extra income source for hackers if they sell it to identity thieves in the dark corners of the Internet.
Cybercriminals have used that data to file phony tax returns and steal the refunds of teachers or to sign up for credit cards in their names.
Data from students can often be more valuable than that of teachers, Levin said. That’s because students are unlikely to notice someone is using their identity to commit fraud if they don’t yet have bank accounts or credit cards that might flag the fraud.
“Identity thieves can abuse a student’s credit for years before they find out,” he said.
The attacks have come swiftly in recent weeks.
An attack shut down Baltimore County in Maryland over Thanksgiving weekend, keeping schools there offline through Dec. 2. Days later, another ransomware attack kept students in Huntsville, Ala., out of classes for a week. When they returned, it was to in-person schooling with no computers.
That’s an option in areas that consider it safe to conduct in-person schooling, but not for schools that have gone entirely online because of coronavirus spikes.
“In the ‘before times,’ teachers could figure out a way to continue with their lessons if networks went down,” Levin said. “Nowadays, if the system goes down, kids just stop remote learning, parents contact the school district and things blow up quickly.”
The Center for Internet Security is offering some help in the form of a free suite of cybersecurity products for schools. The center also manages a collection of DHS-provided cybersecurity sensors in school districts across the country that alert on suspicious activity.
But the federal government overall has provided little cybersecurity aid for schools, and they remain mainly outmatched by hackers.
“These attacks are demoralizing not only to the educators, but also to students and the country,” Dukes said. “Educators have put their life’s blood into educating the next generation and it’s got to be horribly demoralizing to them.”
The keys
Top election security official Matt Masterson is exiting the government next week.
The departure comes weeks after President Trump fired Cybersecurity and Infrastructure Security Agency Director Christopher Krebs, to whom Masterson reported, after his agency vouched for the election’s integrity despite the president’s baseless claims it was corrupted. The Wall Street Journal’s Dustin Volz first reported the Masterson news.
Masterson will join the Stanford Internet Observatory to work on issues related to election security and disinformation, Sean Lyngaas of CyberScoop reports. He joined CISA in 2018 after serving as a commissioner on the Election Assistance Commission.
Masterson’s departure is the latest exit in the wake of Krebs’s firing. CISA Deputy Director Matthew Travis resigned last month. The White House forced out Assistant Director Bryan Ware shortly after the election.
Robert Kolasky, head of CISA’s National Risk Management Center, had this to say:
The FCC rejected Huawei’s petition asking it to reconsider the company’s designation as a U.S. national security threat.
The Federal Communications Commission in June designated both Chinese-owned Huawei and ZTE as threats to U.S. communications over concerns that the Chinese government could compel the companies to share U.S. user data, David Shepardson at Reuters reports. The FCC rejected a similar petition by ZTE last month.
The FCC also ordered all U.S. carriers that receive federal funding to remove ZTE and Huawei equipment, enacting measures mandated by a law passed by Congress earlier this year. The rules build on an agency order that disqualified U.S. companies from using $8.3 billion in government funds to purchase equipment from the Chinese firms.
The agency also initiated the process of revoking telecommunications firm China Telecom’s license to operate in the United States. A panel that includes several government agencies earlier this year recommended that the FCC ban China Telecom and several other companies over spying concerns.
Scammers are using the promise of newly released vaccines to hack users.
Vendors on networks of hidden websites known as the dark net are also taking advantage of the new vaccine approvals to sell knockoffs of the Pfizer vaccine for as low as $250, researchers found.
Hill happenings
A bill requiring the federal government to vet its office space for foreign ownership is heading to the White House.
Sen. Gary Peters (D-Mich.), the ranking Democrat on the Homeland Security and Governmental Affairs Committee, and Sen. Rob Portman (R-Ohio), also a member of the panel, co-authored the bill.
The Secure Federal Leases from Espionage and Suspicious Entanglements Act (Secure Federal LEASEs Act) applies to spaces rented for high-security government use. It was introduced in response to a 2017 Government Accountability Office report that raised concerns that privately leased spaces could make government agencies susceptible to espionage.
Cyber insecurity
A cyberattack on the E.U.’s top drug regulator won’t slow vaccine delivery, the agency said.
The agency is fully functional after an attack in which hackers accessed regulatory documents for Pfizer and its partner BioNTech, agency head Emer Cooke told the European Parliament, according to the New York Times.
The agency is also reviewing a vaccine made by Moderna but has not said whether the pharmaceutical company was targeted in the breach. The European Medicines Agency is still investigating the attack.
Chat room
Rudolph W. Giuliani, a former Trump cybersecurity adviser and the president’s personal lawyer, has given the cybersecurity community another meme-able moment.
Giuliani, while touting a debunked video of alleged voter fraud to Georgia House Republicans, alleged that election workers were “passing around USB ports like they were vials of heroin or cocaine.” Georgia’s secretary of state has investigated the video and found no wrongdoing.
Cybersecurity expert Jackie Singh, who helped secure the Biden campaign:
MIT Tech Review’s Patrick Howell O’Neill:
Please don’t go too crazy this weekend. Bryson Bort, founder of the cybersecurity company SCYTHE:
Daybook
- The Senate Homeland Security and Governmental Affairs Committee will hold a hearing on Wednesday titled, “Examining Irregularities in the 2020 Election.”