Edu Cyber Threat

Cyber Threats to Education

Security is a major concern

Cyber security is now a major concern for education. News of organisations being hacked becomes ever more commonplace and recent examples have shown prestigious independent schools to universities being held to ransom and having to pay to unlock files and systems, or having the personal data of their pupils leaked online thus falling foul of the Data Protection Act.

Ransomware is still on the rise

Fraudsters have been cold calling UK education establishments resulting in ransomware attacks. There have been several instances on fraudsters posing as being from the Department of Education, the Department for Work and Pensions, or telecoms providers. The head teacher, financial administrator receive emails with attachments purporting to be anything from exam guidance forms to mental health assessments. On opening the attachments, ransomware is activated encrypting files and systems which attackers hold to ransom. The recent spate of ransomware attacks have seen an average pay off of around £8000 each, with schools either having to pay the ransom or rebuilding systems and hoping that they can restore anything important using backups.

Education an attractive target

School systems have much student and staff data that are valuable and coupling this with lean staffing levels, makes them an attractive target for those seeking access and information.  In addition, prestigious independent schools and universities are also targeted by criminals looking to capture information belonging to children of those with high net worth and influence.

Modern networks must be resistant to modern threats. Bursars, shareholders and IT staff should be worried about network security, such as the separation of curriculum networks from administrative networks. The loss of sensitive data belonging to children and their families, as well as school financial data, interim unpublished results of inspections, HR issues with existing or past staff etc. may have a catastrophic impact for the individuals and schools alike, with both financial and legal ramifications for failure to comply with legislation.


Free Consultation

Worried about threats to your cybersecurity and the potential damage and disruption? Just let us know how we can contact you and one of our Trusted Advisors will be in touch.

Or call us to speak with someone immediately: +44 845 257 5903

We look forward to speaking with you soon.

Schools are low-hanging fruit

Attackers have identified schools as “low-hanging fruit” because they are often ill-equipped to spot signs of cyber fraud. Criminals have become increasingly sophisticated in their approach, making the threat of a cyber-attack less apparent. By using publicly available information, often from organisations’ websites and social media, criminals can gain the trust of unsuspecting staff members, increasing the chance that a harmful email attachment would then be opened from someone purporting to be a legitimate sender.

The Teacher's Portal

Recent cyber attacks on schools:

Janet, a research and educational network in England, has been the victim of several denial-of-service attacks over the last year. Janet connects the networks of 19 different regional universities. The sophisticated attacked rippled through these networks, resulting in degradation to network services and performance.
US universities Rutgers, Arizona State, and University of Georgia have all experienced denial-of-service attacks over the last year. These attacks have caused a number of issues resulting in delays during registration and final exams. These attacks completely  completely saturate the network, preventing students from being able to connect to the network.
A Vancouver high school suffered network service degradation following a student successfully compromising their teacher’s email account and began spamming out emails in bulks to a list of over 50,000 email addresses. This action of spamming slowed down the school’s network operation. The student was expelled.
A 15-year-old in Australia is facing 10 years in jail for launching one of the largest DDoS attacks in the country’s history. The attack was so large that around 10,000 customers for the local ISP NuSkope were also affected. This attack was directed at a number of targets including Reynella East College. The attacker said that he launched the assault as a test.
One in three universities in the UK face cyber attacks on an hourly basis, with exam and dissertation results targeted alongside personal data and research.
A college in India was hacked and defaced by a group named Pak Cyber Attacker. The attack was launched against both the official website of Utkal University and the e-admissions page. At the time of this report, the e-admissions page was not accessible.
A 16-year-old student in Japan downloaded an attack tool to his desktop and carried out an attack on the Osaka Board of Education server, resulting in 444 elementary, junior highs, and high school websites being knocked offline. He was monitoring the attack from his cellphone and expressed that he wanted to join Anonymous, the worldwide hacktivist group. This student ultimately launched this attack due to his frustration with his school teachers.
Action Fraud, the UK's cybercrime and fraud reporting centre, has issued an alert to warn teachers of the dangers posed by cold-callers posing as officials from the “Department of Education”. Fraudsters ask to be given the personal email or phone number of the head teacher, claiming that they need to send over sensitive guidance about mental health or exams which cannot be sent to a generic school account - the emails sent are loaded with ransomware.

Infosec Partners has helped education establishments, from the most prestigious independent schools to the country’s top universities, to successfully develop robust security strategies and manage Safeguarding.

Listening to Heads and Bursars, Teachers, Students and Parents, we designed a portfolio of cybersecurity services specifically for schools. Infosec Partners helps schools understand the new threats facing them and teaches them how to take control of information and security, staying compliant, managing budgets and risks.

Copyright © Infosec Partners Group 2004 - 2019. All rights reserved     -     CALL : 0845 257 5903 or +44 (0)1256 893662     -     EMAIL :