Cybersecurity for educational institutions – it’s always exam time
Hardik Modi, AVP engineering, threat and mitigation products at NETSCOUT, discusses insights from the 15th annual worldwide Infrastructure Security Report
Educational institutions have made strong investments in technology over the years, both to drive efficiency and productivity and to enable new services – online testing, homework, teaching and administration. As natural users and innovators in advanced technology, they are also natural targets for online crime with many obvious motivations. While intellectual property theft remains a key target, something we observe at NETSCOUT is the threat to the availability of educational services. The use of DDoS against educational services is particularly rife.
In our recently published NETSCOUT Threat Intelligence Report, we revealed that we had observed 8.4 million DDoS attacks in 2019. It’s worth noting that at least 186,000 of these were reported against educational services worldwide. Below are monthly breakdowns for attack frequency as well as the largest attacks by volume that we saw targeting educational services last year. These details are available for review at NETSCOUT Cyber Threat Horizon – a free resource with live attack data.
Monthly DDoS attack count seen against Educational Services in 2019. Source: NETSCOUT
Largest DDoS attack by volume seen against Educational Services in 2019. Source: NETSCOUT
The following things stand out to me when I look into the data:
The attack frequency maps clearly to the global educational calendar, with a large part of the world’s population taking breaks during the summer in the northern hemisphere.
The types of attacks involved represent the full gamut of DDoS techniques, including new ones that first came to light in 2019. We reported on seven new attack vectors first observed in volume last year, demonstrating the level of innovation that’s driving trends across the attack landscape.
Outside of the data, we’ve had the opportunity to protect a few educational institutions against DDoS attacks worldwide and have come away with the following observations:
The attacks we saw were timed to coincide with key examinations that were administered online. While we could thwart those specific attacks, it was clear to us that the attacker didn’t go away until that period of exams had concluded.
In more than one instance, the systems used to launch the attack involved computing resources from other educational institutions. This doesn’t necessarily mean that the attacker had anything to do with that other institution, but the computer and network capacity often present at educational institutions makes them attractive to use in attacks.
Of course, students aren’t the only, or perhaps even the main, threat to educational systems. Nation-state actors have been targeting higher education for a long time, primarily with a view to stealing the intellectual property often uniquely present there. Just over a year ago, NETSCOUT reported on a campaign we called STOLEN PENCIL, in which suspected North Korean actors had gained persistent access to a range of universities and think tanks across North America.
Another cause for concern in educational services is the widespread proliferation of Internet of Things (IoT) devices. Colloquially, I take this to mean any non-standard computing device that connects to the network – think printers, IP-enabled video cameras, digital whiteboards, etc. These are often the basis for DDoS attacks worldwide today because of the poor security practices associated with many of them, as well as the sheer volume at which they are being deployed. Our research has shown that the malware family called Mirai has been extended to cover an ever wider set of device types, greatly expanding the potential scale of attacks that involve these devices.
Given this, it’s fair to say that educational services have to be vigilant against the cybersecurity threat. Strong network segmentation, best-of-breed DDoS protection and continuous monitoring are critical ingredients to ensuring that such services can be delivered in a safe and consistent manner.