Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comAuthor: Scarinci Hollenbeck, LLC|April 8, 2021
Cybercriminals are likely targeting schools, according to an Alert issued jointly by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The Joint Cybersecurity Advisory warns that cyberattacks against K-12 educational institutions are on the rise, resulting in the disruption of remote learning, data theft, and ransomware attacks.
While learning has shifted online due to the COVID-19 pandemic, cybercriminals increasingly view schools as targets of opportunity. Schools are particularly vulnerable to cyberattacks since they were forced to quickly shift to remote learning environments in response to the pandemic; many staff members and students are new to online learning platforms; and many districts lack the resources to adequately safeguard their IT systems from mounting threats.
The FBI, CISA, and MS-ISAC continue to receive reports from K-12 educational institutions about the disruption to distance learning efforts at the hands of cyber actors. The cyberattacks have taken a variety of forms, including ransomware attacks, malware attacks, and distributed denial-of-service attacks.
Ransomware attacks have become particularly prevalent and disruptive in recent months. According to the FBI, in these attacks, malicious cyber actors target school computer systems, slowing access or even rendering the systems inaccessible for basic functions. Relying on tactics traditionally used against business targets, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom.
Data collected by MS-ISAC shows that the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year. In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July.
In the most recent string of ransomware attacks, cybercriminals used PYSA malware, also known as “Mespinoza”, to infiltrate schools in 12 states. According to an FBI Flash Alert, the cyber actors specifically targeted K-12 schools. The perpetrators used PYSA to exfiltrate data from victims prior to encrypting their victim’s systems to use as leverage in eliciting ransom payments.
The FBI and CISA recommend that K-12 schools review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by cyber actors. While schools should thoroughly review the Alert in its entirety, below are several key steps to consider:
The Alert also offers best practices for safeguarding videoconferencing platforms such as Zoom and Google Meet. They include ensuring participants use the most updated version of remote access/meeting applications; requiring passwords for session access; establishing a vetting process to identify participants as they arrive, such as a waiting room; ensuring only the host controls screensharing privileges; and implementing a policy to prevent participants from entering rooms prior to host arrival and to prevent the host from exiting prior to the departure of all participants.
Schools should also recognize that their security is also influenced by the cyber controls implemented by their third-party service providers. Accordingly, when partnering with third-party and EdTech services to support distance learning, it is essential to consider the following:
Being proactive is essential to preventing a cyberattack. With the adoption of remote and hybrid learning, New Jersey schools face new threats and vulnerabilities that must be addressed with updated cyber policies, procedures, and training.
For guidance, we encourage schools and school districts to reach out to a member of the Scarinci Hollenbeck Education Law Group or Cyber Security and Data Privacy Group at 201-896-4100.
The Firm
201-896-4100 info@sh-law.comCybercriminals are likely targeting schools, according to an Alert issued jointly by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The Joint Cybersecurity Advisory warns that cyberattacks against K-12 educational institutions are on the rise, resulting in the disruption of remote learning, data theft, and ransomware attacks.
While learning has shifted online due to the COVID-19 pandemic, cybercriminals increasingly view schools as targets of opportunity. Schools are particularly vulnerable to cyberattacks since they were forced to quickly shift to remote learning environments in response to the pandemic; many staff members and students are new to online learning platforms; and many districts lack the resources to adequately safeguard their IT systems from mounting threats.
The FBI, CISA, and MS-ISAC continue to receive reports from K-12 educational institutions about the disruption to distance learning efforts at the hands of cyber actors. The cyberattacks have taken a variety of forms, including ransomware attacks, malware attacks, and distributed denial-of-service attacks.
Ransomware attacks have become particularly prevalent and disruptive in recent months. According to the FBI, in these attacks, malicious cyber actors target school computer systems, slowing access or even rendering the systems inaccessible for basic functions. Relying on tactics traditionally used against business targets, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom.
Data collected by MS-ISAC shows that the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year. In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July.
In the most recent string of ransomware attacks, cybercriminals used PYSA malware, also known as “Mespinoza”, to infiltrate schools in 12 states. According to an FBI Flash Alert, the cyber actors specifically targeted K-12 schools. The perpetrators used PYSA to exfiltrate data from victims prior to encrypting their victim’s systems to use as leverage in eliciting ransom payments.
The FBI and CISA recommend that K-12 schools review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by cyber actors. While schools should thoroughly review the Alert in its entirety, below are several key steps to consider:
The Alert also offers best practices for safeguarding videoconferencing platforms such as Zoom and Google Meet. They include ensuring participants use the most updated version of remote access/meeting applications; requiring passwords for session access; establishing a vetting process to identify participants as they arrive, such as a waiting room; ensuring only the host controls screensharing privileges; and implementing a policy to prevent participants from entering rooms prior to host arrival and to prevent the host from exiting prior to the departure of all participants.
Schools should also recognize that their security is also influenced by the cyber controls implemented by their third-party service providers. Accordingly, when partnering with third-party and EdTech services to support distance learning, it is essential to consider the following:
Being proactive is essential to preventing a cyberattack. With the adoption of remote and hybrid learning, New Jersey schools face new threats and vulnerabilities that must be addressed with updated cyber policies, procedures, and training.
For guidance, we encourage schools and school districts to reach out to a member of the Scarinci Hollenbeck Education Law Group or Cyber Security and Data Privacy Group at 201-896-4100.
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Let`s get in touch!
Sign up to get the latest from theScarinci Hollenbeck, LLC attorneys!