Cybersecurity for educational institutions – it’s always exam time

Educational institutions have made strong investments in technology over the years, both to drive efficiency and productivity, as well as to enable new services – online testing, homework, teaching and administration. As natural users and innovators in advanced technology, they are also natural targets for online crime with many obvious motivations. While intellectual property theft remains a key target, something we observe at NETSCOUT is the threat to the availability of educational services. The use of DDoS against educational services is particularly rife.

In our recently published NETSCOUT Threat Intelligence Report, we revealed that we had observed 8.4 million DDoS attacks in 2019. It’s worth noting that at least 186,000 of these were reported against educational services worldwide. Below are monthly breakdowns for attack frequency as well as the largest attacks by volume that we saw targeting educational services last year. These details are available for review at NETSCOUT Cyber Threat Horizon – a free resource with live attack data.

The following things stand out to me when I look into the data:

• The attack frequency maps clearly to the global educational calendar, with a large part of the world’s population taking breaks during the summer in the northern hemisphere.
• Looking at the types of attacks involved, it represents the full gamut of DDoS techniques, including new ones that first came to light in 2019. We reported on seven new attack vectors first observed in volume last year, demonstrating the level of innovation that’s driving trends across the attack landscape.

Outside of the data, we’ve had the opportunity to protect a few educational institutions against DDoS attacks worldwide and have come away with the following observations:

• The attacks we saw were timed to coincide with key examinations that were administered online. While we could thwart those specific attacks, it was clear to us that the attacker didn’t go away until that period of exams had concluded.
• In more than one instance, the systems used to launch the attack involved computing resources from other educational institutions. This doesn’t necessarily mean that the attacker had anything to do with that other institution, but the computer and network capacity often present at educational institutions make them attractive to use in attacks.

Of course, students aren’t the only, or perhaps even the main, threat to educational systems. Nation-state actors have been targeting higher education for a long time, primarily with a view to stealing the intellectual property often uniquely present there. Just over a year ago, NETSCOUT reported on a campaign we called STOLEN PENCIL, in which suspected North Korean actors had gained persistent access to range of universities and think tanks across North America.

Another cause for concern in educational services is the widespread proliferation of Internet of Things (IOT) devices. Colloquially, I take this to mean any non-standard computing device that connects to the network – think printers, IP-enabled video cameras, digital whiteboards, etc. These are often the basis for DDoS attacks worldwide today because of the poor security practices associated with many of them, as well as the sheer volume at which they are being deployed. Our research has shown that the malware family called Mirai has been extended to cover an ever wider set of device types, greatly expanding the potential scale of attacks that involve these devices.

Given this, it’s fair to say that educational services have to be vigilant against the cybersecurity threat. Strong network segmentation, best-of-breed DDoS protection and continuous monitoring are critical ingredients to ensuring that such services can be delivered in a safe and consistent manner.

You might also like: E-learning technologies: new opportunities or stumbling blocks for education?