There has been heightened attention (and in some cases, scrutiny) on the reopening plans for K-12 school districts across the nation. If the decision of whether or not to send your kid back to school isn’t already highly charged (and stressful!) enough, parents of K-12 children now have another worry to contend with: attackers looking to disrupt distance learning.
In December of last year, a joint advisory was issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) citing an increase in ransomware attacks against K-12 educational institutions. School computer systems are targeted with the goal of obtaining confidential student data and threatening to leak it unless organizations pay a ransom.
This is coming at a time when school districts are already resource-constrained and grappling with complexity from the recent push to safely return children to the classroom, whether 100% in-person or hybrid.
According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased in the beginning of the 2020 school year. The number of reported ransomware incidents involving K-12 schools jumped from 28% – from January through July – to 57% in the Fall. The agencies expect these types of attacks to continue through the 2020/2021 academic year.
Cisco Talos threat researchers have also seen a considerable uptick in ransomware traffic starting in mid-July of 2020 through late December of 2020. During this timeframe, we have seen a 48X increase in ransomware traffic in the K-12 space. Sodinokibi has been one of the major attacks driving this increase in DNS queries relating to ransomware traffic over the latter half of 2020.
“We have seen a large increase in phishing attacks,” noted Chris Langford, director of network, infrastructure, and cyber security at Lewisville ISD. “Phishing is a major entry point for ransomware, so it is very important for K-12 institutions to implement effective email security tools and phishing training for all staff, including regular simulated phishing tests.”
With 90% of malware using DNS to gain command and control, exfiltrate data, or redirect web traffic, DNS-layer security is the most effective way to block ransomware before it infiltrates the network.1 Cisco Umbrella is a cloud-delivered security service that blocks requests to malicious destinations before a connection is even established.
Thousands of K-12 school districts rely on Cisco Umbrella to comply with CIPA and protect students, teachers, and 1:1 programs. With Cisco Umbrella, IT teams can identify any devices that have been infected by ransomware or users that have been targeted by ransomware attacks, reducing remediation time. Umbrella can also identify potentially unauthorized access or threats to PHI data, even that which is stored in cloud apps. The Cisco Umbrella Education package is licensed by the number of faculty and staff users and there is no charge for protecting your students.
Learn how Lewisville ISD uses Cisco Umbrella to decrease malware and cut remediation time in half for 59,000 students and staff.
1 https://blog.talosintelligence.com/2017/03/dnsmessenger.html
