Surge in School Cyberattacks Expected, Ransomware Leading Threat
… building awareness of students, teachers — really any and all users. The weakest link in any organizational security structure is almost always the users.
Patch cycles must also be quicker and focus on systems with distributed access.
Having adequate endpoint protection systems in place is crucial. Unlike the corporate environment that may have heaps of money to spend on products and a large security operations center (SOC) team, schools should be focused on having solutions that prevent the widest possible range of attacks. There simply aren’t the time or resources available to investigate every incident that occurs. And endpoint protection really needs to be geared toward preventing those attacks from the outset.
CF: Are cybercriminals advancing their tactics for school cyberattacks? If so, how?
GP: As schools and universities increase their reliance on remote connection and access for teachers and students alike, they are also inadvertently expanding their threat surface by providing attackers with many more touch points which attackers can manipulate to gain access.
The main point of focus for ransomware is to target a network, replicate itself and cripple the organization. Remote learning provides the perfect opportunity for threat actors to install trojans and malware on machines being used by students and teachers that are not owned or protected by the school.
New Zealand Stock Exchange Attack
A series of distributed denial of service (DDoS) attacks halted trading on the New Zealand stock exchange (NZX) for four days last week.
NZX said it experienced DDoS attacks from overseas through its network service provider last Tuesday and Wednesday. Trading resumed on Friday.
Mark Kedgley is CTO at New Net Technologies. He said DDoS is a relatively simple attack to orchestrate since all public internet-facing websites and services are “sitting ducks.”

“The only solutions are to use content-distribution networks or web application firewall technology to filter out malicious traffic,” he said. “However, it remains an inherently difficult problem to mitigate.”
DDoS bot networks have been available as a cyber weapon-for-hire for many years now, Kedgley said. And this will continue to be a problem for any web-based services, anywhere in the world.
“Key to this is the fact that a DDoS attack can be monetized, both by the ‘bot wranglers’ running the botnet, and by the organized crime gangs holding businesses to ransom with a ‘your money or your web presence’ threat,” he said. “The problem is that this is a classic security versus function paradox. There is an irreconcilable gap between providing protection against DDoS attacks while offering an accessible service, open to the internet.”
Brandon Hoffman is NetEnrich’s CISO. The interesting part of DDoS attacks is almost always who the target is, he said. An attack on a specific target means the attacker had a specific interest or outcome in mind, he said.

“In this case it could be to disrupt trading specifically in that market for some complex financial gambit,” he said. “It could have been to disrupt trading for a more global end game.”
At times, cybercriminals use DDoS attacks to distract, Hoffman said. Cybercriminals can use DDoS attacks to keep security personnel busy while data exfiltration or malware loading takes place.
“Certainly the notion of DDoS attacks will not go away,” he said. “It is a basic tool in the adversary kit, and provides significant …