Advisory Issued by Department of Education Regarding Hacking and Extortion Threats

The hacking group TheDarkOverlord has recently been targeting K12 schools: gaining access to networks, stealing data and trying to extort money. In response to the hacking and extortion threats, the U.S. Department of Education has released an advisory to K12 schools and has issued guidance to help educational institutions mitigate risk and safeguard their networks from attack.

The attacks on educational institutions by TheDarkOverlord in recent weeks have seen the threats become more serious. In previous attacks, organizations were threatened with the publication of sensitive information. The latest attacks have included more serious threats, not just against the hacked organization, but also against the parents of students whose data has been obtained. Some parents, as well as schools, have received threats of violence against children.

While some healthcare groups – and law enforcement agencies – have said the threats of violence and attacks on the schools are not valid, the hacking and extortion threats are worrisome. Threats of violence aside, the publication of sensitive data can be very damaging for schools and their students.

Once a school has been attacked and data has been stolen, it has two available courses of action: refuse to give in to the threats, report the incident to law enforcement agencies and deal with the ramifications, or pay the ransom demand. Law enforcement strongly advises against the latter course of action.

What schools must do is take the initiative to prevent attacks from happening, which means addressing the weaknesses that are being exploited. It is not possible to reduce risk to zero, but it is possible to make it much more difficult for attackers to gain access to school networks and data.

In the U.S. Department of Education advisory, Kathleen Styles repeated what law enforcement agencies have been saying: that so far, no threats of violence have been valid and no physical attacks on schools have been experienced. However, she did outline the importance of taking action to improve cybersecurity defenses to mitigate the risk of these hacking and extortion threats.

So far, confirmed attacks have been seen in three states, and each of those attacks has happened as a result of schools having weak security. Access to data has been gained by exploiting known software weaknesses that had not been addressed, through phishing attacks on employees and via malicious software.

The U.S. Department of Education has advised all K12 schools to take the following steps. The same precautions should be put in place by all educational institutions, including higher education institutions.

  • Complete security audits (risk assessments) to find weaknesses that could potentially be exploited, and address any vulnerabilities that are found – such as making sure patches are applied and vulnerable systems are secured.
  • Make sure audit logs are created and regularly maintained to identify any suspicious behavior. Quick detection of an attack can limit the harm caused.
  • Train staff and students on data security best practices.
  • Carry out phishing awareness workshops and advise staff and students of the danger of social engineering attacks. Show them how to identify and report a phishing email.
  • Complete a review to make sure all systems storing sensitive data are not visible from outside the organization.

If attacked, it is essential that law enforcement is notified as soon as possible. The Department of Education should also be made aware so it can disseminate the indicators of compromise to stop other schools and school districts from being subjected to attack.

 
