The Biden administration launched an initiative to bolster school cybersecurity by offering free and subsidized resources, but many districts still confront persistent cyber threats and adoption challenges. Ransomware remains prevalent due to sensitive student data, while limited resources and staffing hinder effective security management and incident response; vendor engagement has yielded limited near-term reductions in attacks. #CrowdStrike #PowerSchool #IlluminateEducation
Key points
- The White House initiative aimed to provide free and subsidized cybersecurity resources to schools, yet many districts still struggle with cyber threats.
- Ransomware is a major driver of risk for schools because of the sensitive student information stored in databases.
- Limited resources and staffing in schools hinder effective cybersecurity management and incident response.
- Engagement with cybersecurity vendors has occurred, but overall impact on reducing attacks has been minimal.
- Continued outreach and potential federal funding are considered necessary to strengthen school cybersecurity efforts.
MITRE Techniques
- [T1566] Phishing – Attackers used deceptive emails to target students, including a case where a teacher’s account sent phishing emails to 4,000 students. “One of our customers actually had this happen to them. I think it was 4,000 students that all received some phishing scam from a teacher that spammed the entire database of students.”
- [T1078] Valid Accounts – Attackers compromised a teacher’s account and used that to send phishing emails to their students. “compromising a teacher’s account and using that to send phishing emails to their students.”
- [T1499] Endpoint Denial of Service – An accidental, global CrowdStrike-enabled Windows outage pummeled school districts providing summer classes, disrupting operations. “Last month’s accidental, global CrowdStrike-enabled Windows outage pummeled school districts providing summer classes.”
- [T1486] Data Encrypted for Impact – Ransomware used to hold school data hostage due to the prevalence of sensitive student information. “Ransomware attacks — where a malicious actor uses malware to hold a computer network’s data hostage in exchange for a ransom payment — have been a popular tool for targeting schools because they are often deemed target-rich due to the reams of sensitive student information stored in school databases.”
- [T1204] User Execution – Students fell for phishing, highlighting user-level risk in cyber defense. “Dozens of kids fell for it, sending PayPal payments to the phony user that was offering up a used video game console in exchange for the money.”
Indicators of Compromise
- [Domain] Article references and sources, not attacker infrastructure – nextgov.com, latimes.com, and other domains mentioned in the article