Surge in DDoS attacks targeting education and academic sector
As education institutions across the world moved to online learning, cyber threat disruptions have amplified more than ever. Malware, vulnerability exploits, distributed denial-of-service (DDoS), phishing attacks have all struck this sector, increasing in frequency over the past two months.
As schools in the U.S. restarted in remote learning mode, cybersecurity companies noticed a surge in DDoS attacks causing network downtime and pausing classes as a consequence.
Steep curve for DDoS attacks
Data from cybersecurity company Check Point shows that attackers have adopted different methods and tactics when targeting the education and research sectors in the U.S., Europe, and Asia. The end goal also seems to vary from one region to another.
Check Point notes that most of the attacks targeted institutions in the U.S., with an average weekly increase of 30% during July and August in the academic sector. This means a jump from 468 to 608 when compared to May and June.
The cause of the surge were DDoS attacks, typically deployed by hacktivists. Sometimes, though, behind the disruption are students trying out dedicated tools freely available online.
A South Miami Senior High School junior student was arrested earlier this month for launching eight DDoS attacks against the County Public Schools.
Kaspersky also signaled at the beginning of September that this year saw a sharp rise in DDoS attacks against the education sector, on the backdrop of the pandemic that forced online classes.
“For each month from February to June, the number of DDoS attacks that affected educational resources out of the total number of attacks was 350-500% greater in 2020 than in the corresponding month in 2019,” Kaspersky found.
Not just DDoS
In Europe, the goal of most attacks targeting the academic sector in July and August was information disclosure. Check Point recorded a 24% increase, which translates to a jump from 638 to 793 incidents.
Cyber attacks in Asia hitting the same type of victims also increased, but their nature varied from DDoS to remote code execution and information disclosure.
Check Point says that the weekly average attack activity against academic organizations increased by 21% in July and August, or from 1,322 to 1,598 when compared to the previous two months.
While DDoS is the most prominent type of attack stemming from the research, other threats also affected the education and research segment. Phishing and malware disguised as legitimate platforms like Zoom, Moodle, or Google Classroom were a common scenario this year.
Additionally, many schools in the U.S. fell victim to ransomware attacks this year. One of the most recent example is the Fairfax County Public Schools (FCPS) that were hit by Maze ransomware and disclosed the attack on Friday.