Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast to coast. Some schools have even shut down completely due to the attacks.

The federal government recently warned that K-12 schools face a growing threat from cyber groups. According to the FBI, school districts often have limited cybersecurity protections, which makes them even more vulnerable. The FBI also says it anticipates the number of threats to increase.

In a recent warning, the nation’s top security agencies said the ransomware group Vice Society is disproportionately targeting schools. In response to these types of threats, CISA has released new guidelines for K-12 entities to deter cyberattacks. Will it be enough to protect our schools?

A Rising Wave of Cyberattacks Against Schools

It seems as if a month doesn’t go by without hearing about a major cyber incident affecting schools. Here are some of the more notable incidents:

  • Albuquerque Public Schools closed their schools in January 2022 due to a cyberattack that compromised the student information system. The schools used this system to take attendance, contact families in emergencies and ensure that authorized adults picked up students from school.
  • In September 2022, the Los Angeles Unified School District sounded alarms and engaged in urgent talks with the White House and the National Security Council. The district discovered ransomware, which led to mandated password changes for 540,000 students and 70,000 district employees.
  • Classes were canceled for 30,000 students in Des Moines, Iowa, in January 2023 due to a possible ransomware attack. Taking the district’s servers and internet network offline affected classes, bus routing and food and nutrition systems, as well as access to important student documents.
  • Over 19,000 students in a West Virginia school district got the day off after a cyberattack in February 2023. The Berkeley County Schools suffered a network outage, which affected IT operations across the school system. Attackers may also have stolen student personal data.

“We have seen widespread credit abuse, identity theft, even tax fraud,” said Doug Levin, national director for K12 Security Information eXchange (K12 SIX). K12 SIX is a national non-profit organization dedicated to protecting the U.S. K-12 community — including school districts, charter schools, private schools and regional and state education agencies — from emerging cybersecurity threats.

So far, K12 SIX has publicly reported more than 1,600 cyberattacks since 2016. During these incidents, children’s personal information is most at risk.

Vice Society is the Main Perpetrator

According to a CISA alert, the FBI, CISA and the MS-ISAC observed Vice Society actors disproportionately targeting the education sector with ransomware attacks. The Vice Society hacking group emerged in the summer of 2021. The group made its mark by exploiting internet-facing applications, typically obtaining initial access through stolen credentials.

Vice Society is by far the most active group targeting schools.

Rather than relying on a singular, unique form of ransomware, the Vice Society actors deploy various versions, such as Hello Kitty/Five Hands and Zeppelin, with the potential to use others in the future.

Before unleashing their ransomware, Vice Society meticulously scans networks for opportunities to expand their access and collect valuable data. They are known to execute double extortion schemes where they threaten to publicly release sensitive information unless the victim pays up.

The group’s toolkit is well-stocked, making use of SystemBC, PowerShell Empire and Cobalt Strike for lateral movement. Vice Society also uses “living off the land” techniques that take advantage of legitimate Windows Management Instrumentation (WMI) services and manipulate shared content.

Federal Government Response to School Cyberattacks

In January 2023, CISA took a significant step to assist U.S. schools’ cybersecurity. CISA released a comprehensive report and toolkit aimed at K-12 institutions to help safeguard against the ever-growing number of cyber threats, including ransomware.

Titled “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats,” the report provides a roadmap for K-12 schools and school districts to tackle systemic cybersecurity risks. The report also offers a closer look at the current threat landscape specific to the K-12 community.

With easy-to-follow recommendations and resources, school leaders can take action to boost their cybersecurity efforts and ensure the safety of their students’ sensitive information.

By providing K-12 institutions with the tools and knowledge to defend against cyber threats, CISA is setting the stage for a safer, more secure educational experience for students across the country.

How Schools Can Thwart Cyberattacks

According to the new CISA report, K–12 entities should begin with a small number of prioritized actions, such as:

  • Deploying multifactor authentication (MFA)
  • Mitigating known exploited vulnerabilities
  • Implementing and testing backups
  • Regularly exercising an incident response plan
  • Implementing a strong cybersecurity training program.

From there, K–12 entities should move forward to adopt CISA’s Cybersecurity Performance Goals (CPGs). Ultimately, schools should build an enterprise cybersecurity plan aligned with the NIST Cybersecurity Framework (CSF).

Who’s Going to Pay for School Cybersecurity?

While the CISA guidelines make perfect sense, how will cash-strapped school districts pay to upgrade their security? Here, CISA also has some ideas, such as:

  • Working with state planning committees to leverage the State and Local Cybersecurity Grant Program (SLCGP)
  • Using free or low-cost services to make near-term improvements in resource-constrained environments
  • Expecting and calling for technology providers to enable strong security controls by default at no additional charge
  • Minimizing the burden of security by migrating IT services to more secure cloud versions.

Is School Cybersecurity Easier Said Than Done?

It’s encouraging to see the federal government step up to help K-12 entities improve their security posture. However, if even multinational corporations can’t fend off many attacks, what chance do school districts have? This same question also applies to local government agencies and small-to-medium-sized businesses.

Certainly, there are no easy answers to the growing rate of attacks. Undoubtedly, it will require an effort that involves close collaboration between the public and private sectors and law enforcement. As cyber threats increasingly encroach upon our everyday lives, what will be our response?
