Students in some countries are gradually returning to some level of classroom learning, only to find that cyberthreats have escalated.

Home-based or remote-learning arrangements have been in force for some time now, and students began trickling back to classrooms in many countries last month, yet many parents and schools were not prepared for the increase in hackers targeting the education sector.

In the Philippines, impoverished parents have had to barter some of their possessions for gadgets their kids can use for remote learning. How would they feel if they found out that their kids' school is vulnerable to hackers? In this country, higher education institutions (HEIs) such as Far Eastern University and San Beda University are usually the ones that have to deal with information-disclosure attacks, in which their student portals, which hold confidential student information, were accessed by unauthorized parties.

Whereas the hackings in the Philippines entailed a mere defacement of a website or exposure of student information, Newcastle University in the UK was hit by ransomware.

In Singapore, the National University of Singapore put a good idea into practice by inviting students to find vulnerabilities in its network systems in exchange for cash. Another option was to reward students with course credits.

Hackers' sights are on academia

According to data from Check Point, an IT security company, the US had the largest increase in attacks on the academic sector among the US, the UK and Asia. Most of those attacks were Distributed Denial of Service (DDoS) attacks that made online services unavailable to users. Weekly attacks per organization had risen by 30%, with 608 attacks per week recorded over the July-August span. This is alarming when we consider that the US has more than 13,000 school district governments.

The UK school system saw the second-largest increase and has had to deal with some 793 attacks per week.

Asia had the highest number of attacks per week, at 1,598 during the July-August span, although its increase over the two months was smaller, at 24%. The attacks were mostly DDoS, Remote Code Execution and Information Disclosure.

Laurie Mercer, Security Engineer at HackerOne, commented on universities being increasingly attacked with ransomware in recent months. She noted: “If one organization within an industry is hit, others follow as cybercriminals see the niche! It won’t help that the education sector is particularly challenged at the moment by rapid digital transformation required by the pandemic.”

Check Point has also released data suggesting that more hacker activity is already being planned for the three-month span encompassing the back-to-school period: some 512 internet domains related to it were found to be malicious, and another 3,401 were suspicious.

How to stay safe

Alarming as the data may be, there are ways to protect yourself from these attacks. Anti-ransomware technology, for example, uses behavioral analysis and generic rules to identify suspicious activity and malware so that it can be acted on immediately.

Check Point’s Regional Director for Southeast Asia, Evan Dumas, offers some advice for students, parents, and schools.

  • For students, caution is the keyword: use strong passwords, never share confidential information, and do not click links from dubious sources.
  • Parents should raise their kids' awareness by talking to them about cyberbullying and phishing.
  • Schools and related institutions must invest in cybersecurity software, monitor their systems regularly, and:

    Reduce attack surfaces: On endpoints, take full control of peripherals, applications, network traffic, and data. Encrypt data in motion, at rest, and in use, and enforce corporate policies so that endpoints stay compliant.

    Prevent and protect: First, block known attacks with endpoint anti-malware and reputation services, then prevent unknown attacks. Use anti-exploit technology to stop drive-by attacks and protect applications. Finally, limit the damage from user mistakes with zero-phishing technology that blocks phishing sites, prevents credential reuse, and detects compromised passwords.

    Contain and remediate: Contain attacks and limit the damage by detecting and blocking command-and-control traffic, and prevent lateral movement of malware by isolating infected machines. Then remediate: restore encrypted files, quarantine malicious files, kill malicious processes, and clean up the full attack chain.

The final principle is to triage events quickly, understand the full nature of the attack, and immunize other surfaces by sharing Indicator of Compromise (IoC) and Indicator of Attack (IoA) information.
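The "contain" step (spotting command-and-control traffic and isolating the hosts behind it) and the "immunize" step (sharing IoCs) can both be driven from DNS logs matched against a domain blocklist. The script below is an added example written for this page; it is not code from the article, from Check Point, or from any school. The log layout, the client addresses and the two blocklisted domains (both under the reserved `.invalid` TLD) are constructed, and the output document is a minimal JSON shape of our own rather than a STIX bundle.

```python
"""Match DNS query logs against a domain IoC feed, list hosts to isolate,
and serialise the sightings for sharing.

Added example for this page. Log format, domain names and the feed are
constructed for illustration; they are not real indicators.
"""
import json
import re

# Constructed IoC feed: domain -> category. Hypothetical names under .invalid.
IOC_DOMAINS = {
    "update-portal-login.invalid": "phishing",
    "cdn-telemetry-sync.invalid": "c2",
}

# Constructed DNS log: "timestamp client query qtype", one query per line.
SAMPLE_DNS_LOG = """\
2020-09-14T08:01:12Z 10.20.4.17 www.example.edu A
2020-09-14T08:01:40Z 10.20.4.17 mail.update-portal-login.invalid A
2020-09-14T08:02:03Z 10.20.7.88 cdn-telemetry-sync.invalid A
2020-09-14T08:02:09Z 10.20.7.88 cdn-telemetry-sync.invalid.example.org A
2020-09-14T08:03:55Z 10.20.9.5 lib.example.edu AAAA
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Return (timestamp, client_ip, query, qtype), or None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, query, qtype = m.groups()
    # Normalise: strip trailing dot, lower-case labels.
    return ts, client, query.rstrip(".").lower(), qtype


def matches_ioc(query, ioc_domains):
    """Return the IoC domain that `query` equals or is a subdomain of, else None.

    Matching on label boundaries (right-anchored suffixes) avoids flagging
    look-alikes such as 'cdn-telemetry-sync.invalid.example.org', which only
    contain the indicator as a substring.
    """
    labels = query.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ioc_domains:
            return candidate
    return None


def scan_log(log_text, ioc_domains=IOC_DOMAINS):
    """Return one sighting dict per log line whose query hits the feed."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, query, qtype = parsed
        ioc = matches_ioc(query, ioc_domains)
        if ioc:
            hits.append({"time": ts, "client": client, "query": query,
                         "qtype": qtype, "ioc": ioc, "category": ioc_domains[ioc]})
    return hits


def infected_hosts(hits):
    """Clients to isolate, in first-seen order (for the 'contain' step)."""
    seen = []
    for h in hits:
        if h["client"] not in seen:
            seen.append(h["client"])
    return seen


def bundle_indicators(hits):
    """Aggregate sightings per indicator for sharing (for the 'immunize' step)."""
    by_domain = {}
    for h in hits:
        entry = by_domain.setdefault(h["ioc"], {
            "type": "domain-name", "value": h["ioc"],
            "category": h["category"], "sightings": 0,
        })
        entry["sightings"] += 1
    return sorted(by_domain.values(), key=lambda e: e["value"])


def to_ioc_bundle(hits):
    """Serialise the aggregated indicators as JSON (constructed schema, not STIX)."""
    return json.dumps({"indicators": bundle_indicators(hits)}, indent=2)


if __name__ == "__main__":
    found = scan_log(SAMPLE_DNS_LOG)
    print("hosts to isolate:", infected_hosts(found))
    print(to_ioc_bundle(found))
```

On the constructed log this flags two of the five queries: the `mail.` subdomain of the phishing domain and the bare C2 domain, while the look-alike `cdn-telemetry-sync.invalid.example.org` is left alone because the match is anchored on label boundaries rather than done by substring. In a real deployment the feed would come from a shared source and the sightings would be pushed back to it, but the matching logic is the same.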