The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned this week that malicious hackers are targeting the nation’s K-12 classes that have moved online during the COVID-19 pandemic.
In a joint alert put out with the Multi-State Information Sharing and Analysis Center (MS-ISAC) on Thursday, the agencies warned that ransomware attacks in particular were hitting online classes and were expected to continue into the next year.
“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the agencies wrote. “These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.”
The agencies highlighted a series of potential cyber threats to schools, including ransomware attacks, during which an attacker locks up a network and demands a ransom, and distributed denial of service attacks, in which an attacker overwhelms a server with traffic in an attempt to take it down.
“Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen — and threatened to leak — confidential student data to the public unless institutions pay a ransom,” the agencies wrote.
According to data from the MS-ISAC cited within the alert, hackers have increasingly used ransomware to target K-12 institutions as compared to targeting other organizations.
The MS-ISAC saw over 50 percent of all ransomware attacks reported between August and September targeting K-12 groups. In comparison, only 28 percent of all ransomware attacks reported between January and July of this year were targeted at online K-12 learning.
K-12 institutions have also been victims of video conferencing disruptions, reported widely towards the beginning of the COVID-19 pandemic in March as students moved online and platforms were overwhelmed.
Some students were exposed to sexual, racist or violent images through these disruptions.
“Video conference sessions without proper control measures risk disruption or compromise of classroom conversations and exposure of sensitive information,” the agencies noted.
The warning comes as school districts across the country have increasingly faced interrupted or canceled classes due to cyberattacks.
The Miami-Dade County Public School system was hit by a distributed denial of service attack, or DDoS, in September that disrupted classes.
Last month, the Baltimore County Public Schools system was forced to temporarily shut down classes after being hit by a ransomware attack.
Even before the COVID-19 pandemic, school districts were increasingly disrupted by ransomware attacks. A school district in Flagstaff, Ariz., was targeted by a cyberattack before the virus outbreak, forcing classes to be canceled for two days last year.
The FBI, CISA and the MS-ISAC are not the first organizations to warn of the threat to students.
The Government Accountability Office published a report in October that found that the increasing number of cyberattacks on educational institutions was putting students and their personal data at risk.
Capitol Hill has taken notice, with the House in September approving legislation to create a $400 million grant program to help state and local governments respond to cyberattacks, though the bill has not yet seen a vote in the Senate.