Phishing has been around since the first time the term was used on January 2, 1996, and it’s gotten worse every year since then. As cybercriminals have become more sophisticated in their phishing techniques, the cost of phishing and phishing related incidents have started to skyrocket. Originally, the early hackers known as phreaks used America Online (AOL) to trick people into sharing information that the phreaks could use to wreak havoc.
The phreaks started out by creating a scheme that used randomly generated credit card numbers. After that technique was shut down, they began developing other ways to rip off their victims. And, the term phishing was born.
Today, cybercriminals using phishing techniques target K-12 schools with mass email phishing campaigns. They use malicious attachments and trick their victims into opening the attachments or clicking on a phishing link in the email that collects personal information for some seemingly reasonable purpose.
We recently hosted a panel discussion with Doug Levin, National Director of K12 SIX and the author of the State of K-12 Cybersecurity: 2020 Year in Review report, and several K-12 IT leaders to talk about the results of the report and how school districts are fighting cyberthreats such as phishing, ransomware, and more. You can watch the panel discussion recording to learn about the attacks that were recorded in 2020, and how others are fighting back.
One of the shocking statistics that Doug shares in his report is the increasing cost of phishing related attacks targeting K-12 schools. From 2016 through 2020, the median amount of money stolen from school districts via phishing campaigns is $2 million. We reached a new record in 2020, with $9.8 million being stolen from a single school district.
The thing those in charge of K-12 cybersecurity need to understand is that phishing has gotten much more sophisticated over the years. Virtually everyone has received a phishing email such as the one purporting to be from a wealthy foreigner who wants to give you millions of dollars if you’ll only send a few hundred dollars for processing the transfer. Many people fall for this approach, but even more people are amazed that anyone could be taken in by it.
Today, while the number of phishing attacks are down from previous years, the phishing campaigns against school districts are much more sophisticated and their impacts are more devastating. Hackers take the time to research a school district. They identify the individuals in the district who have financial authority and their contractors. Then, they use phishing emails to do things like change the payment routing information for major contractors, gain access to even more sensitive data and/or user accounts, and activate malware in the victim’s network.
Frequently, these are “spear-phishing” attacks, meaning that the emails sent to school districts look like they’re coming from a known or trusted source.
Sometimes schools can get some of the money back, but it depends on how fast the school and/or the contractor spot the problem, and how fast the hackers can get the money out of the country. Increasingly, these situations aren’t ones where someone should have known better. They are professionally written and extremely difficult for even the wary recipient to spot as a phony.
Ransomware attacks are plaguing districts across the country. Ransomware in the cloud is becoming more of a threat, but fewer district IT teams are aware of it. In fact, Google cloud ransomware attacks are becoming more popular since so many schools use Google apps. The problem is complicated because school districts are completely responsible for preventing attacks coming from the apps.
The relationship between phishing and ransomware is clear. According to statistics published on SecurityBoulevard.com, 91% of cyberattacks begin with spear-phishing emails. And, because those emails are so well designed, many of those attacks are successful. Experts are finding that cybercriminals are using trusted domains and legitimate hosting sites such as Constant Contact or SharePoint to launch extremely sophisticated attacks.
Stopping ransomware attacks is even more critical in today’s environment. The 2020 Year in Review report noted that there’s a rise in the number of K-12 ransomware attacks where not only is the school district locked out of their data, but the hackers have downloaded sensitive data before the ransomware demand was made.
These criminals threaten to distribute this stolen data to make K-12 administrators more likely to submit to their ransom demands. They are also using this stolen data to mount new phishing attacks and account takeovers, sometimes against the same victim after the ransom is paid. There have also been incidents where the data is used to extort parents, students, and district employees.
Luckily, there are things you can do to protect your district against ransomware attacks.
It’s rare that a ransomware attack happens without warning. You can monitor ransomware early warning signs such as the following:
Here are some of the top things you can do to mitigate school ransomware attacks, according to the Cybersecurity & Infrastructure Security Agency:
During the panel discussion we recently hosted, the panel came up with a number of suggestions about school ransomware protection, including:
You can learn more tips from your peers by watching the webinar recording.
The high cost of phishing and ransomware attacks is taking a bite out of already stressed school district budgets. You can no longer afford to ignore the problem. Cybercriminals are more sophisticated, and you need automated tools along with the right procedures to protect yourself from phishing and ransomware attacks.