The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recently warned that ransomware attacks on K-12 entities had risen dramatically during the 2nd half of 2020 and that these and other cyberattacks are likely to continue over the next year. This makes a lot of sense, given that—with remote learning now the status quo—cybercriminals have more ways than ever of getting into district systems and causing mayhem.
Everybody knows school sucks but it’s sucked particularly hard since covid-19 made the entire educational experience digital. In 2020, hackers had a field day with schools—spreading ransomware throughout districts nationwide, causing frequent class cancellations, and zoombombing every virtual classroom they could get their hands on.
According to the FBI, all of these things are likely to continue at current levels of bad and potentially get worse in 2021.
This week, as students headed back from holiday break to their virtual classrooms, FBI officials reiterated the need to better protect America’s vulnerable educational institutions.
“The broader the move to distance learning, I think the more attacks you’re going to see, just simply because there are more opportunities for it and it’s more disruptive,” FBI Cyber Section Chief Dave Ring told ABC News this week. “Not everybody’s looking to make money when it comes to criminal motivations for these attacks. A lot are looking to steal information. They’re looking to use that for financial gain. They’re looking to collect ransoms.”
According to federal agencies, hackers are likely to continue to leverage a whole assortment of attacks, from Denial of Service attacks to ransomware to intrusions via third-party ed-tech, like online learning suites like Google Classroom. Because schools are generally places where risk awareness is low and cybersecurity funding is minimal, criminals likely view them as appealing targets, officials say.
“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations,” CISA and the FBI warned in their December brief. “In these attacks, malicious cyber actors target school computer systems, slowing access, and—in some instances—rendering the systems inaccessible for basic functions, including distance learning. Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom.”
The lack of attention paid to this issue has seen a skyrocketing rate of publicly reported cyberattacks on schools—with the rate of disclosed attacks tripling from 2018 to 2019, and some attacks becoming even more ubiquitous in 2020.
Some legislators have suggested policy and funding solutions for this—such as Democratic Reps. Jim Langevin of Rhode Island and Doris Matsui of California’s Enhancing K-12 Cybersecurity Act, which, among other things, would create a $400 million grant program via the National Science Foundation to build out better security teams and resources for schools across the country.