As another school year begins, children return to class, teachers prepare for their busy season, and public administrators step up their monitoring of school cyber defenses. In recent years, educational institutions have become focal points for cybercriminals. In a joint statement, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center have warned school districts to be prepared.
“Over the past few years, the education sector, particularly kindergarten through twelfth grade (K-12) institutions, has been a frequent target of ransomware attacks. The impacts of these attacks range from restricted access to networks and data, delayed exams, canceled school days, unauthorized access and theft of personal information about students and staff,” reads the notice released on Tuesday.
Already, cybersecurity organizations are actively investigating incidents. Over Labor Day weekend, for example, the Los Angeles Unified School District, the nation’s second-largest district with more than 640,000 students, was the target of a ransomware attack that mostly disrupted its messaging services. Administrators responded quickly, and the biggest setback affecting normal operations was that all students and staff had to reset their passwords and log in again, creating a bottleneck. Classes were able to resume immediately.
“The decision to resume classes and work was informed by the district’s ability to confirm that our most critical systems were viable. Our student information systems were back up and running within the first two hours of the school day,” reads a statement from the district.
The district credited “the special collaboration and rapid deployment of resources to our school system by the Federal Bureau of Investigation,” Superintendent Alberto Carvalho said. “We know today was difficult, but the impact of this incident could have been catastrophic if our teams and partners had not reacted quickly and decisively, cut off the attacker’s access immediately and worked quickly to restore operational capability.”
In the face of emerging threats like the one seen in Los Angeles, federal agencies recommend that administrators across the country take immediate action to mitigate the impact of ransomware: prioritize and remediate known exploited vulnerabilities, train users to recognize and report phishing attempts, and enable multi-factor authentication.
Observers have seen an increase in attacks on schools by one group in particular, Vice Society. The joint statement describes it as “an intrusion, exfiltration, and extortion hacking group that first emerged in the summer of 2021. Vice Society actors do not use any variant of single-origin ransomware,” the advisory warns. “Vice Society actors likely gain initial access to the network through compromised credentials by exploiting web-accessible applications,” meaning programs or services accessible through the Internet.
Once inside the system, cybercriminals are known to spend time exploring the network, identifying access opportunities, and stealing data for extortion before making themselves known. It’s a trend that officials say will continue.
“School districts with limited cybersecurity capabilities and limited resources are often the most vulnerable; however, the opportunistic targeting often seen with cybercriminals can still put school districts with robust cybersecurity programs at risk,” the notice states. “K-12 establishments can be considered particularly lucrative targets due to the amount of sensitive student data accessed through school systems or their managed service providers.”