COVID-19 takes US school hacks to new heights
Remote learning fueled a wave of class invasions
The State of K-12 Cybersecurity: 2020 Year In Review report from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange released the report based on data from its K-12 cyber incident map. It recorded 408 publicly disclosed cyber security incidents in 2020, an 18% increase over 2019.
While some breaches involved staff records, most targeted student data. Parents even reported hackers using childs’ data for credit applications and to sign up for accounts at utility companies.
Third-party attacks were a common cause of breaches. For the second straight year, at least three-quarters of all breaches involved security incidents at school district vendors and other partners, the report noted.
There were 50 publicly disclosed ransomware infections in 2020, but there may have been more. Another eight school districts reported malware outbreaks that looked like ransomware but weren’t publicly confirmed as such. Overall, there were fewer ransomware incidents than in 2019, but they were severe.
Double extortion, which is a rising problem for ransomware victims, was a growing trend in 2020. In these attacks, cyber criminals steal data when they encrypt it and blackmail victims by threatening to publish what they stole. Hackers exposed at least 560,000 students' data this way in 2020.
The 2% figure for phishing attacks might seem low, but further analysis shows some of these are business email compromise (BEC) attacks. These are specialized attacks in which thieves convince administrators to send fraudulent payments. Four BEC thefts occurred in 2020, with hackers defrauding one school district of $9.8 million.
Almost half of the attacks (45%) fell into the “other” category, covering everything from “Zoom bombing” meetings to website defacements. This aligns with a sharp change in attack patterns and volumes during Q2 2020 as pandemic conditions kicked in and students moved to remote studies. There were just 49 incidents in Q1, rising to 67 in Q2. The subsequent quarters saw 160 and 132 incidents, respectively.
Intruders used videoconferencing systems to disrupt administrative meetings and classroom sessions, the report said, noting hackers didn’t limit these intrusions to just the Zoom platform. Intruders also compromised school email systems to distribute inappropriate material to the school district members, it added.