The COVID-19 pandemic and the lack of a vaccine, for now, has prompted an unexpected rise in remote work, or working from home. The increased use of the Internet, no longer just for leisure, has attracted cybercriminals who now seen an expanded target beyond those doing online shopping or social media.
Education has also been severely impacted by COVID-19. The unexpected disruption required educators to move offline schooling to remote or hybrid learning environments, with little to no preparation at all. Aside from the technical aspects of this shift, cybercriminals are also preying on the already burdened sector.
Globally, the total number of DDoS attacks increased by 80% in Q1 2020 when compared to Q1 2019. Moreover, attacks on educational resources accounted for a large portion of this growth. Between January and June 2020, the number of DDoS attacks affecting educational resources increased by at least 350% when compared to the corresponding month in 2019.
In a denial of service (DoS) attacks, cybercriminals attempt to overwhelm a network server with requests for services so that the server crashes — denying users access. DDoS attacks are particularly problematic because they can last anywhere from a couple of days to a few weeks, causing disruptions to organizations’ operations and — in the case of educational resources — denying students and staff access to critical materials.
Kaspersky Security Network (KSN) also showed a steep surge in the number of users in SEA who faced threats disguised as e-learning and videoconferencing platforms during the first three quarters of 2020. Applications and tools include Moodle, Zoom, edX, Coursera, Google Meet, Google Classroom, and Blackboard.
The psychology of threat actors
Rachel Zahr, security solutions manager, Synopsys Software Integrity Group said with a majority of school-age children and their support systems (administrators, parents, and teachers) shifting studies remotely this exposes a very large group of internet users who inherently don’t have the knowledge or skills necessary to thwart cyber-attacks.
Whether through choice or necessity, administrations are relying on online educational tools, services, and applications to propel their lesson plans and school year forward. “To be able to properly identify the underlying and potential threats that face them while operating remotely a further step needs to be taken – security awareness education,” he continued.
Knowledge and skills derived from security awareness training (a training that once was mostly reserved for corporate environments) should be thought as table stakes for anyone concerned with safely traversing the internet.
Zahr warned that threat actors will take advantage of any weakness, virtual or human, and unfortunately the uptick of novice software and application users brought on by remote learning is one of them.
“To help protect students, parents, and teachers, school administrations would be doing themselves a disservice if cyber security training wasn’t a part of their 2021 educational initiatives,” he suggested.
Security vendors and organisations can provide expertise and rich security education training, guidance, and tools necessary to thwart attacks at any level and for a variety of roles.
“Our goal is to help teams build security into organisations and we can certainly help educational administrations protect students, parents, and teachers from the volatile internet conditions and threats that await them,” concluded Zahr.