The financial services sector and healthcare industry are obvious targets for cybercriminals, but cyberattacks on educational institutions in 2017 have risen sharply. There have been a multitude of cyberattacks on educational institutions in 2017, and February is far from over. The list paints a particularly bleak outlook for the rest of the year. At the current rate, cyberattacks on educational institutions in 2017 are likely to smash all previous records, eclipsing last year’s total by a considerable distance.
Why Have There Been So Many Cyberattacks on Educational Institutions in 2017?
Educational institutions are attractive targets for cybercriminals. They hold large quantities of personal information of staff and students. Universities conduct research which can fetch big bucks on the black market.
While some of the finest minds, including computer scientists, are employed by universities, IT departments are relatively small, especially compared to those at large corporations.
Educational institutions, especially universities, are often linked to government agencies. If hackers can break into a university network, they can use it to launch attacks on the government. It is far easier than direct attacks on government agencies.
Cybersecurity protections in universities are often relatively poor. After all, it is hard to secure sprawling systems and huge networks that are designed to share information and promote free access to information by staff, students and researchers. Typically, university networks have many vulnerabilities that can easily be exploited.
Schools are also often poorly protected due to a lack of skilled staff and funding. Further, many schools are now moving to one-to-one programs, which means each student is issued with either a Chrome tablet or a Windows 10 laptop. More devices mean more opportunities for attack, plus the longer each student is connected to the Internet, the more time cybercriminals have to conduct attacks.
Another problem affecting K12 schools is the age of individuals who are accessing the Internet and email. Being younger, they tend to lack awareness about the risks online and are therefore more susceptible to social engineering and phishing attacks. The data of minors is also much more valuable and can be used for far longer by cybercriminals before fraud is detected.
While college students are savvier about the risks online, they are targeted using sophisticated scams geared to their ages. Fake job offers and scams about student loans are rife.
The threat of cyberattacks doesn’t always come from outside an institution. School, college and university students are hacking their own institution to gain access to systems to change their grades or for sabotage. Students with huge debts may also seek data to sell on the black market to help make ends meet.
While all of these issues can be resolved, much needs to be done and many challenges need to be overcome. It is an uphill struggle, and without additional funding that task can seem impossible. However, protections can be greatly improved without breaking the bank.
Major Cyberattacks on Educational Institutions in 2017
There have been several major cyberattacks on educational institutions in 2017, resulting in huge losses – both financial losses and loss of data. Educational institutions have been hacked by outsiders, hacked by insiders and ransomware attacks are a growing problem. Then there are the email-based social engineering scams that seek the tax information of staff. Already this year there have been huge numbers of attacks that have resulted in the theft of W-2 forms. The data on the forms are used to file fraudulent tax returns in the names of staff.
Notable cyberattacks on educational institutions in 2017 include:
Los Angeles Valley College
One of the most expensive cyberattacks on educational institutions in 2017 was a ransomware infection at Los Angeles Valley College. The attack saw a wide range of sensitive data encrypted, taking its network, email accounts and voicemail system out of action. The systems could not be restored from backups leaving the college with little alternative but to pay the $28,000 ransom demand. Fortunately, valid decryption keys were sent and data could be restored after the ransom was paid.
South Carolina’s Horry County Schools
The Horry County School District serves almost 43,000 students. It too was the victim of a ransomware attack that saw its systems taken out of action for a week, even though the ransom demand was paid. While it would have been possible to restore data from backups, the amount of time it would take made it preferable to pay the $8,500 ransom demand.
South Washington County Schools
Hackers do not always come from outside an organization, as discovered by South Washington County Schools. A student hacked a server and copied the records of 15,000 students onto a portable storage device, although the incident was detected and the individual apprehended before data could be sold or misused.
Northside Independent School District
One of the largest cyberattacks on educational institutions in 2017 was reported by Northside Independent School District in San Antonio, Texas. Hackers gained access to its systems and the records of more than 23,000 staff and students.
Manatee County School District
Manatee County School District experienced one of the largest W-2 form phishing attacks of the year to date. A member of staff responded to a phishing email and sent the W-2 forms of 7,900 staff members to tax fraudsters.
Huge Numbers of W-2 Form Phishing Attacks Reported
This year has seen huge numbers of W-2 form phishing attacks on educational institutions. Databreaches.net has been tracking the breach reports, with the following schools, colleges and educational institutions all having fallen for phishing scams. Each has sent hundreds – or thousands of W-2 forms to tax fraudsters after responding to phishing emails.
- Abernathy Independent School District
- Argyle School District
- Ark City School District
- Ashland University
- Barron Area School District
- Belton Independent School District
- Ben Bolt Independent School District
- Black River Falls School District
- Bloomington Public Schools
- College of Southern Idaho
- Corsicana Independent School District
- Davidson County Schools
- Dracut Schools
- Glastonbury Public Schools
- Groton Public Schools
- Independence School District
- Lexington School District 2
- Manatee County School District
- Mercedes Independent School District
- Mercer County Schools
- Mohave Community College
- Morton School District
- Mount Health City Schools
- Neosho County Community College
- Northwestern College
- Odessa School District
- Powhatan County Public Schools
- Redmond School District
- San Diego Christian College
- Tipton County Schools
- Trenton R-9 School District
- Tyler Independent School District
- Virginian Wesleyan College
- Walton School District
- Westminster College
- Yukon Public Schools
*List updated June 2017
These cyberattacks on educational institutions in 2017 show how important it is to improve cybersecurity defenses.
If you would like advice on methods/solutions you can adopt to reduce the risk of cyberattacks and data breaches, contact TitanHQ today. TitanHQ offers cost-effective cybersecurity solutions for educational institutions to block email and web-based attacks and prevent data breaches.