Schools ‘prime targets’ for cyberattacks, report finds

Schools ‘prime targets’ for cyberattacks, report finds

Australia’s education institutions are increasingly the victim of trojan, adware and backdoor attacks, new research shows.

In 2018, education was the top industry for Adware compromises, Trojan detections, and second on the list of verticals most commonly hit with ransomware. The report found that this trend continued in the first half of 2019 and is likely to continue to remain a threat for educational institutions in years to come.

The findings, from leading cybersecurity firm Malwarebytes, said this threat is largely due to school and university networks often lacking strong protection due to limited budgets and resources.

As a consequence, connected devices remain a favoured point of entry for hackers, whether on institution-owned or BYOD devices, compromising systems and sensitive data.

In the third quarter of 2019, Malwarebytes detected more activity across the Australian education domain ( than the rest of the world’s education domains. In particular, August saw a growth of malware detections which could indicate the beginning of another surge into Spring.

Connected devices in hackers’ line of fire

Globally, in the first half of 2019, Trojans, Adware and Backdoors were the three largest categories of threats identified among education institutions:

  • Adware (43 percent) – Adware is unwanted software designed to throw advertisements up on screens, most often within a web browser. Typically, it uses an underhanded method to either disguise itself as legitimate, or piggyback on another program to trick the user into installing it on their PC, tablet, or mobile device.
  • Trojans (25 percent) – Trojans are often seen as a ‘virus’ or a ‘worm’, but they’re neither. Trojans use deception and social engineering to trick unsuspecting users into running seemingly benign computer programs that hide malicious ulterior motives.
  • Backdoors (3 percent) – Unlike other cyberthreats that make themselves known to the user (i.e. ransomware), Backdoors are known for being discreet. They exist for a select group of people in the know to gain easy access to a system or application, and they are on the rise.

Malwarebytes Labs also detected that globally the .edu domain email addresses was increasingly being used on a wide array of other networks, increasing the risk of infection and harm to both the device and the institution’s network when the device is brought back on campus.

According to Jeff Hurmuses, Area Vice President and Managing Director, Asia Pacific, the digitisation of the Australian education industry, and the rise of LMS and eLearning platforms represent fantastic opportunities for schools, universities and students.

However, he pointed out that this also means more devices, both institutional-owned and student-owned connect to the network.

“Students use an increasing number of devices - on campus, at home and on the go - connecting endpoints to both secure and unknown networks,” Hurmuses said.

“This increases the risks of devices being infected, putting the institution’s corporate network and the student’s personal data at a greater risk of being compromised.”

In fact, Malwarebytes found that devices plugged into the school networks (vs. school-owned devices) represented 1 in 3 compromises detected in H1 2019.

Trojans: a cyberthreat on the rise

Education was the top industry globally impacted by Trojans in 2018, and Malwarebytes Labs has identified this trend will continue to accelerate in 2019. In the first half of the year: 

  • Trojans represented almost 30 percent of all detections on institution-owned devices
  • Among devices plugging into the network, Trojans represent the single largest threat category, even above generic Malware and Adware detections
  • Amongst Australian education organisations, 21 percent of compromised non-institution-owned devices carried Trojans, much higher than other western countries such as Singapore (17 percent), or the UK (5 percent).
  • In this first half of 2019, Emotet, Trickbot and Trace have been particularly active in the education space globally, with the three representing nearly half of all Trojans detected (44 percent) and more than 11 percent of all compromises

According to Malwarebytes Labs, schools and universities across Australia need to brace themselves for a continuing onslaught of cyberattacks.

Hurmuses said cybercriminals are opportunistic.

“The more devices connected to an education institution’s network, the more data that is generated and therefore the more tempting the attack”, he said.

“The Australian education sector often puts cybersecurity as a secondary item on their list of priorities, mostly due to limited budgets, lack of internal cybersecurity skills and outdated infrastructure.”

However, says Hurmuses, institutions need to understand that protecting endpoints is of “utmost importance”.

“It is paramount to prioritise investments in appropriate device protection solutions, and collaborate with students and their parents to raise awareness about basic endpoint cybersecurity hygiene,” he said.