IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

COVID-19 takes US school hacks to new heights

Remote learning fueled a wave of class invasions

According to research released this week, US schools suffered a record number of cyber security incidents in 2020 as attackers capitalized on the COVID-19 pandemic.

The State of K-12 Cybersecurity: 2020 Year In Review report from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange released the report based on data from its K-12 cyber incident map. It recorded 408 publicly disclosed cyber security incidents in 2020, an 18% increase over 2019.

The largest number of attacks were data breaches and leaks, representing 36%. Ransomware followed at 12%, denial of service attacks made up 5%, and phishing represented just 2% of attacks.

While some breaches involved staff records, most targeted student data. Parents even reported hackers using childs’ data for credit applications and to sign up for accounts at utility companies. 

Third-party attacks were a common cause of breaches. For the second straight year, at least three-quarters of all breaches involved security incidents at school district vendors and other partners, the report noted.

There were 50 publicly disclosed ransomware infections in 2020, but there may have been more. Another eight school districts reported malware outbreaks that looked like ransomware but weren’t publicly confirmed as such. Overall, there were fewer ransomware incidents than in 2019, but they were severe.

Double extortion, which is a rising problem for ransomware victims, was a growing trend in 2020. In these attacks, cyber criminals steal data when they encrypt it and blackmail victims by threatening to publish what they stole. Hackers exposed at least 560,000 students' data this way in 2020.

The 2% figure for phishing attacks might seem low, but further analysis shows some of these are business email compromise (BEC) attacks. These are specialized attacks in which thieves convince administrators to send fraudulent payments. Four BEC thefts occurred in 2020, with hackers defrauding one school district of $9.8 million.

Almost half of the attacks (45%) fell into the “other” category, covering everything from “Zoom bombing” meetings to website defacements. This aligns with a sharp change in attack patterns and volumes during Q2 2020 as pandemic conditions kicked in and students moved to remote studies. There were just 49 incidents in Q1, rising to 67 in Q2. The subsequent quarters saw 160 and 132 incidents, respectively.

Intruders used videoconferencing systems to disrupt administrative meetings and classroom sessions, the report said, noting hackers didn’t limit these intrusions to just the Zoom platform. Intruders also compromised school email systems to distribute inappropriate material to the school district members, it added.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

HackerOne employee fired for using position to steal bug bounties
Security

HackerOne employee fired for using position to steal bug bounties

4 Jul 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Protecting healthcare from cybercrime
Whitepaper

Protecting healthcare from cybercrime

25 May 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022

Most Popular

Universities are fighting a cyber security war on multiple fronts
cyber security

Universities are fighting a cyber security war on multiple fronts

4 Jul 2022
Hackers claim to steal personal data of over a billion people in China
data breaches

Hackers claim to steal personal data of over a billion people in China

4 Jul 2022
Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022