
Almost all distance education networks in basic education in the US have been attacked

Distance education networks serving basic (K-12) education in the United States have recently come under continuous attack, and almost all of them have been affected. The institutions involved are becoming targets of ransomware extortion and data theft, and this trend is expected to continue through the 2020/2021 school year.

These findings come from a joint advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).


In the joint advisory, the three agencies warn that ransomware, malware, and DDoS attacks are the main threats to US basic education institutions delivering distance learning online.

Attacks on the education sector increased at the start of the school year, with cybercriminals stealing data and threatening to leak it unless a ransom is paid, just as they do with business targets. In August and September, 57% of ransomware incidents reported to MS-ISAC involved US basic education institutions, compared with only 28% of all reported ransomware incidents from January to July.

According to aggregated data from open-source and third-party incident reports, the ransomware families that hit US basic education institutions from January to September were Ryuk, Maze, Nefilim, AKO, and REvil. Non-targeted attacks on the sector deliver a variety of malware variants, the most common being Shlayer, ZeuS, Agent Tesla, NanoCore, and cryptocurrency miners.


The Shlayer malware for macOS continues to evolve. Its developers recently devised a trick to bypass Apple's malware scanning and code-signing checks for software running on macOS 10.15 (Catalina) and later.

Over the past two years, the Shlayer Trojan has been the most common malware on the macOS platform: one in ten macOS users has been attacked by it, and it accounts for 30% of the attacks detected on that operating system. The first samples were found in February 2018.

ZeuS is a long-standing Trojan, first detected in 2007, that has become an information-stealing program aimed at banks and financial institutions.

Agent Tesla and NanoCore are both off-the-shelf information stealers and remote access tools, commonly used in business email compromise (BEC) fraud.

Although cryptocurrency miners are not destructive malware in the usual sense, they slow down systems and increase energy consumption because of the computing power that mining requires.

The FBI, CISA, and MS-ISAC alert also warns that DDoS incidents can disrupt the normal operation of the US basic education sector.

According to the advisory, these attacks are increasing because DDoS-for-hire services allow anyone, even without attack experience or technical skills, to launch an attack, so any malicious actor with a motive can take part.

Attackers also intrude into live classes by following meeting links that are published publicly or shared with external users, or by using students' names to trick the host into admitting them. As this activity has grown, many intruders have disrupted live lessons by broadcasting violent, pornographic, and other offensive content, forcing educational institutions to suspend online teaching to limit the harm.

The FBI, CISA, and MS-ISAC also highlight the risks of social engineering, such as phishing and domain spoofing, aimed at students, parents, teachers, IT staff, and others involved in distance education. Attackers use these techniques to obtain personally identifiable information and passwords, lure users to malicious websites, or spread malware.

So how can these attacks be defended against? In most cases, applying software updates promptly, correcting misconfigurations, using strong and unique passwords, enabling multi-factor authentication, and disabling unnecessary ports will stop the majority of attackers.

The US government also provides a comprehensive set of defensive measures, along with Snort signatures created by CISA to detect and block the malware observed in these attacks.