How Schools Are Being Used as Phishing Attack Platforms

Written by: Francesco Trama | Published on: May 3rd, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

Phishing Attack PlatformsSchools employ many types of technology to improve the quality of education. On the surface, these technologies are helpful solutions. However, there is a commonly under-addressed concern: major cyber security vulnerabilities.

IT professionals in education are the “boots on the ground” in facing these challenges. Cybersecurity concerns have a high priority among 73 percent of campus officials, according to Education Dive, with 70 percent citing spam and phishing as the biggest concerns. Many schools face a variety of network security challenges that increase the likelihood of becoming a phishing attack platform. Schools are a useful target for hackers, as they often lack security protocols and resources used by other industries. While educational institutions spend $21 billion on IT expenses annually, eRepublic found that security expenditures fell below personalized learning, digital curricula, and other tech priorities.

Education’s Security Problem

The network environment within education is ripe with security vulnerabilities, from outdated systems to compromised student devices. Students don’t always make the best choices when it comes to the apps and software they load on their tablets, smartphones, and laptops. This high risk of exposure introduces many attack possibilities within your school’s network, whether it comes from an unregulated app or falling prey to a phishing attack. Here are the common vulnerabilities that surface in the network environment at an educational institution:

#1: Student technology practices, apps, and devices.

The students connect to the school’s public WiFi network or the interior network with their compromised devices. They have no idea they’re carrying major threats around in their back pocket and many schools aren’t equipped to handle every attack angle. Schools offer a valuable target for hackers seeking a network with the infrastructure to operate as a phishing attack platform.

#2: Outdated network equipment and security protocols

IT budget issues lead to outdated network equipment and security protocols staying in place long after they should be replaced. This hardware lacks modern security features, most likely runs on old software, and fails to follow security best practices.

#3: Relying too much on firewalls and anti-virus protection

Firewalls and anti-virus protection only represent part of an IT security plan, but many educational institutions use these measures as their only protection method. Next generation security measures such as Geo-IP filtering allow you to make better use of your network security resources. A Geo-IP filter creates a mass block against IP addresses from a specific location, so you can cut down on the threat volume actually making it to your network. This process provides better efficiency compared to identifying and blocking IP addresses on a case by case basis.

These three vulnerabilities lead to a common scenario where schools act as phishing attack platforms. A recent example: a Community College ended up sending 1,357 W-2s to a phisher who posed as a school employee.

Creating the Phishing Attack Platform

The school’s typical security measures address common attack vectors coming from the network perimeter, but what happens when the device accesses the school district’s interior network? All it takes is an assistant teacher or a student helping out a teacher to compromise a system with less stringent security measures.

Now you have a threat to the school’s network or potentially the entire school district, depending on your network infrastructure. The attacker uses the compromised device to gain access to the interior portions of the network. Now they have the opportunity to create the phishing attack platform. The attacker gains access to the mail server so they can send emails in the guise of the school. They look for parents and administrators in a high-level position in finance, healthcare, and other valuable sectors for hackers.

Their goal is to use the school as a launching point for these attacks and get into healthcare and finance organizations. The phishing attacks appear to come directly from the school district, so the attacker hopes at least one of the targets opens the malware on their system. From there, they have an entry point into their primary target’s infrastructure.

The education sector’s IT security problem impacts far more than the individual school districts. All sectors struggle with the cost and damages associated with cybercrime and data breaches, with Juniper Research predicting a $2 trillion cost globally by 2019. Your school may not allocate enough of its IT budget for effective network protection, but the problem is only going to get worse without changing course. Schools need to balance their students’ technology needs with the reality of today’s security landscape. Robust security policies must address perimeter and interior threats, and additional funding is often required to upgrade outdated security systems and other obsolete solutions, and the school’s administration must support cybersecurity efforts from the top on down to make improvements. Educational institutions must take network protection seriously as cybercrime rates continue to increase.  {{cta(‘349ab978-6999-4dbb-97ed-ca742a10ccb1′,’justifyright’)}}