This article was originally published in Hackernoon on 05.29.24 by Charlie Sander, CEO at ManagedMethods.
Distributed denial-of-service (DDoS) attacks have plagued schools for quite some time. We often hear about ransomware attacks or other security breaches in the news, but DDoS attacks can be just as troubling for a school. DDoS attacks are cyberattacks in which a server is overloaded with unsolicited requests until it becomes unstable and an outage occurs.
Verizon’s recent 2024 Data Breach Investigations Report, schools experienced a whopping 1780 incidents in 2023, with a whopping 86% of those involving some kind of data leakage. This amounts to a 258% increase compared to 2022.
And a couple of months ago, charges were finally filed for a man who committed several DDoS attacks via a domain called Astrostress. He would offer DDoS as a subscription service, whereby people could subscribe for a fee and select their targets for him to exploit. The Baltimore County Public Schools were one of many victims back in 2022.
Believe it or not, this is one of the primary ways that victims are subjected to DDoS attacks, with students being the primary perpetrators, as they can cost as little as $5.
So, what are some of the reasons hackers use DDoS attacks, and how can schools equip themselves to defend against them? Let’s dive in.
Hackers often want to shut down operations completely by targeting network infrastructure with a DDoS attack. They might focus their efforts on the accounting or learning management systems, but either way, they want to halt the network.
Unlike other cyberattacks, the aim is to cause disruption rather than actually steal data or hold the school to ransom. However, at the same time, the DDoS attacks could be a distraction technique whereby the schools tries to keep the network live and focuses their resources there, leaving other areas vulnerable.
DDoS attacks are also often used by hackers as a low-cost, low-risk way to stress test the schools’ network resilience, defenses, and incident response prior to launching a larger attack.
Unfortunately, a lot of the time, schools aren’t even aware when they’re victims of a DDoS attack, putting it down to just a simple internet provider issue. But the negative impact of a network being shut down for an extended period can have a huge impact on reputation, and even future student enrollment or funding.
Given that colleges and schools are the slowest to respond to cyber attacks of any sector, it is a double-edged sword with their vulnerabilities and ability to cope with them…