ACID Technologies helps educational institutions protect themselves by detecting the first signs of an impending cyberattack – as early as in its planning stage, and providing real-time, detailed alerts that enable the targeted institutions to implement effective preventive measures

Cybersecurity for K-12 schools is increasingly essential

One in four schools were victims of cyberattacks in 2022, based on a survey conducted by Clever, the platform used by more than 70% of K-12 schools in the USA.  In 2021, schools with a combined total of nearly a million students were targeted in 67 ransomware attacks, at a cost of more than US$ 3.5 billion in downtime (as reported by Dark Reading in January 2023).

Cybersecurity for Schools and Universities

Following the cyberattack on the Los Angeles Unified School District, which impacted 600,000 students, the FBI, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center released a joint statement revealing that the education sector, and particularly K-12 schools, had been disproportionately targeted in ransomware attacks since mid-2021, adding that these resulted in restricted access to networks and data, delayed exams, canceled school days, unauthorized access to and theft of personal information of students and staff, among others.

Jen Easterly, Director of CISA (the Cybersecurity and Infrastructure Security Agency of the USA), spoke in January 2023 of “massive attacks on K-12 schools”, which she regarded as “target rich, cyber poor”, adding: “What we want to do is to make sure that these entities, which don’t have a lot of resources, have the tools, the resources, the capabilities and the information to be able to protect themselves.”

1 in 4 schools were victims of cyberattacks in 2022

(Clever survey, USA)

The cost of downtime resulting from cyberattacks in 2021 was US$ 3.5B

(Dark Reading, USA)

The number of individual schools impacted by cyberattacks in the USA nearly doubled from 2021 to 2022
(University Business)

Cyber security for universities as also imperative

Data published by University Business in January 2023 reveals that:
  • 45 school districts in the USA were impacted by ransomware attacks, as well as 44 colleges and universities.
  • The number of individual schools impacted by cyberattacks rose from 1,043 in 2021 to 1,981 in 2022 – nearly double (University Business).
  • Data was exfiltrated in 58% of the attacks that took place in 2022, up from 50% the previous year.
  • At least three organizations paid the demanded ransom, including Glenn County Education Office in California, at a cost of US$ 400,000.

The types of attack that cybersecurity for the education sector must effectively counter

According to the GAO (US Government Accountability Office), the main types of attack waged against educational institutions are:

  • Ransomware: In which the victim is required to pay the perpetrators in order to regain access to stolen data and/or prevent its sale on the dark web.
  • Phishing: An attempt to acquire data or other resources by way of a fraudulent solicitation in an email or on a website.
  • Distributed denial-of-service (DDoS) attacks: Preventing or impairing authorized use of networks, systems or applications by multiple machines operating together to overwhelm a target.
  • Video conferencing disruptions: Attacks that disrupt teleconferences and online classrooms, often with pornographic or hate images and threatening language.

Some of the major cyberattacks that highlighting the need for effective cybersecurity for schools and universities

  • USA: The most significant attack in 2022 took place in September: The Los Angeles Unified School District sustained a ransomware attack launched by Vice Society, which shut down many of its IT systems. According to the technology website Wired, 500 gigabytes of data were stolen. One of the folders, for example, contained passport scans of pupils and their parents who had gone on school trips in the preceding 11 years. This was the second time in a year that this district, which includes 1,000 schools and 600,000 students, was targeted in a major cyberattack.

    Also in the USA, Des Moines, Iowa’s largest public schools district sustained a cyberattack in January 2023, forcing it to cancel classes.

    In February 2023, Minneapolis Public Schools (MPS, 34,500 students) were targeted in a ransomware attack, affecting its internet system, phones, cameras, building alarms, printers and copiers. The files that had been encrypted in the attack were restored from backups.

    In February 2023 as well, Berkeley County Schools in West Virginia announced that it had experienced a network outage that has limited IT operations throughout the District, and was forced to send 19,000 students home.

  • UK: A ransomware attack was waged in January 2023 against Guildford County School, in which the Vice Society gang stole hundreds of files, shut down IT functions and phones, as reported by Arctic Wolf. The data stolen included confidential information about students defined as high-risk. The stolen files soon appeared on Vice Society’s leak site.

    Also in the UK, a ransomware attack was waged against 16 schools and Hymers College in Hull over the holiday season in December 2022. The cybercriminals demanded a ransom of £15 million in crypto currency to unlock the computers they had hacked.

  • Israel: The Technion – Technical Institute of Israel was targeted in a ransomware attack in February 2023 by a hacker group which is affiliated with Iran’s security and intelligence services. The attackers demanded of 80 bitcoin within 2 days, which the Institute refused to pay. The attack appears to be ideologically motivated.
  • Canada: In an attack on the Huron-Superior Catholic District School Board in December 2022, the personal information of the Board’s employees was stolen, raising concerns of identity theft. The affected employees were promised two years of credit monitoring to detect any signs of identity fraud. The hackers later announced that they had deleted the stolen files, which included, among others, dates of birth, social insurance numbers and banking information of Board employees in the preceding 4 years.
  • Australia: Queensland University of Technology was targeted by the Royal ransomware gang in December 2022. In their ransomware notes, which they caused campus printers to print repeatedly – some until they ran out of paper – the attackers stated that they had encrypted and copied the stolen critical data, indicating that they could not only prevent access to this data, but also publish it online unless the ransom was paid. As a precaution, the university shut down many of its IT systems with sensitive data.

Schools and universities are particularly vulnerable; effective cybersecurity for the education sector is imperative!

One of the reasons of the increase in cyberattacks against schools is that the widespread online learning during the Covid-19 pandemic. The Clever survey also revealed that in 2022 more than 90% of educators said that they would continue using at least some of the digital tools they had adopted during the pandemic.

According to a report published by Atlas VPN and reported by District Administration, the education sector is the most targeted sector, with 171,000 daily cyberattacks within a 30-day period in the summer of 2022. The second most targeted industry was retail and consumer goods – with almost nine times fewer attacks.

A report titled The State of Ransomware in the US, which was released by Emsisoft, stated that the fact that the number of incidents has not decreased and that ransomware appears to be no less of a problem is concerning, particularly in view of the counter-ransomware initiatives have been introduced: executive orders, international summits, increased efforts to disrupt the ransomware ecosystem, and the creation by the US Congress of an interagency body, the Joint Ransomware Task Force, to unify and strengthen efforts.

In an admission of the severity of the problem, Steve Otis, Chairman of the New York State Assembly’s Science and Technology Committee has declared that protection against ransomware attacks was the top item on his agenda for 2023.

While this is a step in the right direction, this effort and the counter-ransomware initiatives mentioned above, which are not producing the desired results, only highlight the importance of implementing effective cybersecurity measures to protect the education sector going forward.

For cost-effective cybersecurity for schools and universities, ACID is the solution.

ACID’s cybersecurity solution for schools and universities

ACID offers an exceptionally cost-effective solution for the education sector: It deploys clusters of bots and implements advanced AI algorithms in order to detect the first signs of an attack in the clear, deep and dark web, as well as in multiple other sources, as early as in its initial planning phase. Once such signs are detected, ACID alerts the educational institution in real time, providing all the available information – including screenshots of threats detected on the dark web and deep web, which they may be reluctant or incapable of accessing themselves. ACID continues to monitor the sources, using client-specific keywords in several languages, and provides updates with any additional data as it becomes available. While ACID continuously monitors a great number of sources, if the institution wishes to include additional ones in the search, we are happy to oblige.

The real time alerts provided by ACID at the first hint of an attack, and the subsequent updates with additional information as it becomes available, enable the IT teams of the educational institutions to prepare and implement countermeasures that will mitigate the impact of the attack, or possibly thwart it altogether. Schools and universities are thus supported in avoiding the theft of sensitive data and costly ransom payments, and in maintaining the continuity of their students’ learning activities.