Over the last two months, hackers have stepped up attacks on academic institutions and students, opening a new frontier in the battle against cybercrime. These rising attacks could have multiple security and risk implications, both for the institutions themselves and for everything connected to them and beyond.
Implications of attacks on educational institutions:
- New variants of malware and breach tactics are being tested by bad actors through these attacks
- The ransom paid by target institutions will be used by these hackers to develop new and more potent malware
- Compromised systems in schools and colleges could be used by hacker groups to launch attacks on third parties. They could also be converted into bots and become sources for large DDoS attacks
- Hackers will leak data stolen from these institutions and even use the data to scout for new targets
- Such attacks could also be connected with other forms of cybercrime which could have dangerous implications
- There could be yet unknown reasons for targeting such institutions
Major security incidents involving academic institutions in the last 30 days:
- Texas school district attack, Mansfield (August 26)
- California community college (August 19-23)
- Whitworth University (late July to early August)
- Centralia College (first week of August)
- British schools (late July)
Sectrio’s threat research team has identified multiple hacker groups that are actively targeting academic institutions. This includes APT groups such as Transparent Tribe (Pakistan) and APT 41 (China). Both these groups have stepped up their attacks on educational institutions. The rising interest of APT groups points to a growing realization among hacker groups of the importance of academic institutions as a target.
With no established cybersecurity practices and little awareness of how prevalent sophisticated hacker tactics are, schools and colleges are soft targets for hackers. APT groups targeting them could be acting with the intent to stay entrenched in their networks through implanted malware. Such malware could be activated remotely in case of any geopolitical tensions between the countries involved. This approach also points to a widening of the list of targets sought by hackers. With more such options to choose from, hackers will find it easier to go after enterprise or government targets.
While the democratization of hacker activity is a reality of the times we live in, we now have to deal with the democratization of targets as well. With targets spread this widely, it will become difficult for enterprises and governments to attribute cyberattacks or validate an attribution claim.
Either way, attacks on such soft targets represent the opening of a new frontier for hackers. Educational institutions will have to pay more attention to cybersecurity from now on. Even simple cyber hygiene measures, including sensitization of all stakeholders, will go a long way in securing educational institutions.