To counter the escalating wave of ransomware and malicious cyberthreats that are currently posing challenges to the education sector, the White House introduced a comprehensive strategy to allocate substantial funding and enhanced federal support to K-12 schools.
Key officials from the Biden administration, including Education Secretary Miguel Cardona, Homeland Security Secretary Alejandro Mayorkas and First Lady Jill Biden, convened with school administrators, technology providers and other stakeholders to tackle the growing threat landscape confronting educational institutions across the country.
According to a 2022 U.S. Government Accountability Office report, the loss of learning following cyberattack ranged from three days to three weeks, recovery time can take anywhere from two to nine months and monetary losses to school districts following a cybersecurity incident ranged from $50,000 to $1 million.
Among the efforts underway to strengthen cybersecurity are the Department of Education’s establishment of a Government Coordinating Council (GCC) and the CISA’s plans to conduct 12 K-12 cybersecurity exercises.
At the same time, Amazon Web Services (AWS) pledged to allocate $20 million for a grant initiative to bolster cybersecurity resilience.
Through this grant, tech competitors and school leaders will launch a campaign against ransomware and malicious threats targeting K-12 schools.
The funding is intended for cloud-based cybersecurity initiatives within K-12 school districts and state education departments.
Schools Make Tempting Targets
Jack Danahy, vice president of product and engineering at NuHarbor Security, explained that email addresses and some limited personal information are often publicly available for many K-12 employees.
“There is a natural and necessary effort to connect educators, parents and students, so this contact information is published on school and town web pages,” he explained. As a result, attackers looking for ransomware targets can find a ready-made list of potential targets, making school systems more vulnerable than other, more discreet organizations.
He added that K-12 systems can also ill afford the downtime associated with a successful attack because the community expects students to be in school while parents work.
Recent attacks that combined the release of very sensitive private information (doxxing) with ransomware downtime put further pressure on schools struggling to protect their students’ confidential records.
“The result is that these systems can be seen as a more likely ransomware payer, and attackers come to the party with a published list of potential entry points,” Danahy said.
He explained that ransomware is a straightforward path to monetization, and he believes that the motivation for most of these attacks is financial.
“The current generation of well-supported platforms providing ransomware-as-a-service (RaaS) is further evidence,” he said. “One group creates and maintains the platform for executing ransomware campaigns and the other pays for and targets those attacks.”
Fees are paid, proceeds are divided and the next version of the malware and the next victim continue this part of the ransomware economy.
“I think that there is a blend of attackers, from purely self-interested criminals to nation-states, who use ransomware to raise funds, inject some chaos into a target region and potentially pick up some private information that could be useful later,” Danahy noted.
The Ransomware-as-a-Service (RaaS) Ecosystem
The ransomware-as-a-service platforms have also created an ecosystem where malicious technologists aren’t carrying out attacks and the attackers need not know the mechanics behind the attacks they’re carrying out.
Regarding the White House’s announcement, Danahy said anytime senior political figures express concern about cybersecurity and support for defense, the increased visibility is a meaningful accelerant for state and local funding and prioritization.
“I’m glad the meeting happened,” he said. “CISA’s proposed efforts to provide security assessments of school systems is also a worthy investment of time, as the lessons learned and remediations recommended can be translated into insights and actions across the country.”
He said his only complaint about the session was that it was focused specifically on ransomware and not cybersecurity more generally. It would be great to see the same level of scrutiny and concern applied to general cybersecurity best practices, cybersecurity hygiene and basic prevention steps, which would make everyone safer, he said.
“Ransomware is a term that has many meanings depending on the audience, and the attack techniques vary widely, touching any or all of the security domains as they proceed,” he said. “I’d like to see the same level of effort and urgency put into improving practices and providing tactical value around areas like configuration and acceptable use so that there is a uniform level of protection.”
He pointed out that there might be unintended consequences of focusing too narrowly on one type of attack; like the proverbial game of whack-a-mole, it’s possible that attackers would simply shift to another vector. The focused attention on one payload (ransomware) would naturally lead to less effort spent on the underlying vulnerabilities that provided access to attackers. If the anti-ransomware campaign succeeds, it may lead to the rise of another type of payload.
Recent Articles By Author