After an already challenging year, in which education establishments faced a significant rise in ransomware and other targeted attacks, schools, colleges and universities must now brace themselves for an inevitable surge in threats as they re-open their doors for the new school year.


2020 and 2021 have been difficult years for all businesses, but particularly those in the education sector. Not only did these establishments have to adjust to remote lessons for students and delayed examinations, they also faced a sudden increase in targeted cyber attacks – especially ransomware.

“In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.”

In June the NCSC released an alert warning education establishments of this growing threat, urging schools to take measures to protect their networks against malware and ransomware. The alert also informed readers of some newly emerging ransomware trends, including threats to release sensitive data if a ransom is not paid, rather than simply encrypting it. This is of course a serious risk for schools, colleges and universities, as the data they hold on their students is incredibly sensitive, and having this exposed would be a massive breach of GDPR.

It's likely that these attacks will ramp up again as students return to class in September, so it’s incredibly important that institutions carefully consider their potential infection vectors, take action to prevent inbound threats and prepare a data recovery plan.

 

Common ransomware infection vectors

There are a handful of ways that an attacker can gain access to an organisation’s network and install malware, with each vector requiring different security measures. Based on its recent observations, the NCSC has highlighted the following vectors as the most common:

Phishing Emails

In Q4 of 2020, phishing rose to become the #1 most used ransomware attack vector.
Phishing emails are frequently used to deploy ransomware and can be leveraged for these attacks in a handful of ways. Some phishing attacks include the malware in links or attachments within the email, whereas others are multi-phase attacks in which the phishing email is used to gather user credentials before a ransomware infection is deployed internally.

Remote Access

Attackers frequently target organisations’ networks through remote access systems such as remote desktop protocol (RDP) and virtual private networks (VPNs).

  • Remote Desktop Protocol (RDP)
    RDP is one of the main protocols used for remote desktop sessions, allowing employees to access their office desktop computers or servers from another device. Just as this protocol allows employees to remotely access the company network, it can also be exploited to allow attackers to gain access.

  • Virtual Private Networks (VPN)
    The exploitation of VPN vulnerabilities to gain initial access into a network is a fast-growing trend, with recent examples including Citrix, Fortinet, Pulse Secure and Palo Alto. The shift to remote learning over the past 2 years has meant that many educational establishments have rapidly deployed VPNs, which might not have been properly secured.

Software Vulnerabilities

Unpatched software vulnerabilities open the door to attackers, allowing them to compromise accounts, access sensitive data, and deliver malicious software like ransomware. For example, in March this year Microsoft reported that cyber criminals had exploited vulnerabilities in Microsoft Exchange Servers to install ransomware on a network.

 

Advice for Protection

Due to the variety of methods that attackers can leverage when infecting your network with ransomware, businesses require multiple layers of security to fully prepare for the threat.

  • Protecting Emails
    With an AI-based inbox defence solution like Barracuda Sentinel, businesses can benefit from smart behavioural analysis which detects suspicious language or requests in emails, stopping phishing emails in their tracks before they can manipulate users into downloading dangerous malware.

  • Secure Remote Access 
    For schools practising remote learning, it's important that your staff and students all have reliable and secure access to applications and resources that sit within the school network.
    With network protection like Barracuda's CloudGen Firewall, education establishments can benefit from advanced site-to-site and client-to-site capabilities, allowing for safe and encrypted data access.

  • Protecting Software Applications
    Software applications are becoming more commonplace for schools, colleges and universities each year, and even more so since the introduction of remote learning, but this can pose a significant risk. In fact, 43% of data breaches involve web applications.
    A Web Application Firewall scans all inbound traffic to block attacks, and scans all outbound traffic to prevent data loss.