2017 has already seen numerous cyberattacks on educational institutions. 2017 has started particularly badly for the education sector and there is no sign of the cyberattacks abating any time soon. But why is the education sector being so heavily targeted by hackers, cybercriminals, and scammers?

It is easy to see why cyberattacks on financial institutions occur. There are substantial funds to be plundered.  Cyberattacks on healthcare organizations are also common. Those organizations hold vast quantities of data; data that can be sold for big bucks on the black market and used for all manner of fraud: Medical fraud, identity theft, tax fraud, and insurance fraud for example.

However, the education sector is similarly being targeted. K12 schools, colleges, and universities have all been attacked and those attacks have soared in 2017.

The list of educational institutions that have reported cyberattacks in 2017 is long. Barely a day goes by without another educational institution being added to the list. Many of the cyberattacks on educational institutions are random, but it is becoming increasingly clear that the education sector is being targeted.

There are many reasons why the attacks have soared in recent months. Educational institutions hold vast quantities of valuable data, they have considerable computer resources that can be used by cybercriminals, and in contrast to other industry sectors, educational institutions are not as heavily regulated when it comes to cybersecurity protections. Defenses are relatively poor and educational organizations tend to have relatively few IT staff compared to the corporate sector.

In short, the potential profits from cyberattacks on educational institutions are high and attacks are relatively easy to perform. For cybercriminals that is an excellent combination.

What Data are Cybercriminals Attempting to Steal?

K12 school systems have been targeted by criminals in order to gain access to student data. Social Security numbers of minors are extremely valuable. Dates of birth and Social Security numbers can be used for identity theft and fraud and in the case of minors, fraud is less likely to be identified quickly. Minors details can be used for longer.

Universities and school systems also hold considerable amounts of intellectual property and research.  That information can be sold for considerable sums on the black market.

As we have seen on many occasions this year, the personal information of school employees has been targeted by scammers. Emails have been sent requesting W-2 Form data, which are used to file fraudulent tax returns in school employees’ names.

This tax season, the following colleges, universities, schools and school districts have reported that employees have fallen for a W-2 Form phishing scam and have emailed the data of their employees to cybercriminals.

  • Abernathy Independent School District
  • Ark City School District
  • Ashland University
  • Barron Area School District
  • Belton Independent School District
  • Black River Falls School District
  • Bloomington Public Schools
  • College of Southern Idaho
  • Corsicana Independent School District
  • Crotched Mountain Foundation
  • Davidson County Schools
  • Dracut Schools
  • Glastonbury Public Schools
  • Groton Public Schools
  • Independent School District
  • Lexington School District Two
  • Manatee County School District
  • Mohave Community College
  • Morton School District
  • Mount Healthy City Schools
  • Northwestern College
  • Odessa School District
  • Redmond School District
  • Tipton County Schools
  • Trenton R-9 School District
  • Tyler Independent School District
  • Virginian Wesleyan College
  • Yukon Public Schools

As with the healthcare industry, the reliance on data makes schools, colleges, and universities targets for ransomware attacks. Ransomware is used to encrypt data and a ransomware demand is issued to unlock files. In many cases ransoms are paid as no backups of the encrypted data exist.

Some notable cyberattacks on educational institutions that have been reported this year are listed below.

2017 Cyberattacks on Educational Institutions

January 2017

Northside Independent School District in San Antonio, TX, discovered its email system had been hacked. Names, addresses, and dates of birth were potentially stolen. In total, 23,000 individuals were impacted by the incident.

South Washington County Schools in Minnesota discovered that one of its students had hacked into its system and stolen more than 15,000 employee records.

Los Angeles County College was attacked with ransomware in January and was forced to pay a ransom demand of $28,000 to regain access to its files. The attack resulted in most of the college’s infrastructure, including email and voicemail, being encrypted by the ransomware.

February 2017

Horry County Schools in South Carolina was forced to pay a ransom demand of $8,500 to recover data that were encrypted with ransomware. Even though the ransom was paid, systems were taken out of action for over a week as a result of the infection.

These are just a handful of the cyberattacks on educational institutions reported this year. Given the increase in cyberattacks on educational institutions, it is essential that schools, colleges, and universities take action and implement appropriate defences to mitigate risk.

If you are in charge of cybersecurity at your educational organization and you would like to receive tailored advice on some of the best protection measures you can implement to reduce the risk of a cyberattack, contact the TitanHQ team today.