
Over 1 in 5 Cybersecurity Threats Targeted Professional Education from April to June: Mimecast Report

By Henry Kronk
August 06, 2019

Between April and June of this year, more than 1 in 5 malware attacks tracked by the cybersecurity firm Mimecast targeted the professional education industry. The sector was by far the hardest hit by spam campaigns, receiving 21.5% of the attacks. IT and SaaS came in second place at 8.87%.

Mimecast published these results in their Mimecast Threat Intelligence Report. During the period, the company tracked 160 billion emails, 67 billion of which were malicious.

Private Education Got Swamped by Coordinated Attacks Using Adwind, Spam, and Other Tactics

By their definition, professional education includes “private educational companies, colleges, institutes, and training providers.” The firm detected a concentration of cybersecurity threats specifically between May 6 and May 9. The campaign relied primarily on the malware known as Adwind (or jRAT). Adwind was first detected in December of 2014, and the firm says it “recently updated its attack methodology.”

The firm suggests that Adwind was used in this way because professional education typically sees consistent movement of students through their program.

As the authors write, “Research suggests that the sector’s attack rate was significantly higher than others due to constantly changing student populations that are unlikely to have high security awareness, and the potential for attackers to get access to personal data. Attackers may also recognize that such educational institutions are harder to defend because of the apparent conflict between their inherent openness for academic reasons and the need to protect high-value research conducted for government and industry partners.”

Mimecast discusses four main styles of malicious attacks in their report: spam, impersonation attacks, targeted attacks, and opportunistic attacks.

As the researchers write, “The most unusual activity seen during the research period targeting this sector was a massive increase in blocked spam threats on April 16, 2019 jumping to a peak more than eight times higher than the normal daily volume, as shown in Figure 19. A similar spike was observed on May 20, 2019 for Targeted Attack threats, but even at the peak, volume was significantly lower than the other threat types. Research revealed that this spike was related to .zip files that contained malicious Microsoft Office (Excel or Word) files that downloaded a trojan linked to the TA505 threat actor group.”

Cybersecurity Is a Growing Priority in Education Across the Spectrum

Zooming out, Mimecast identifies several trends in the evolving tactics of hackers targeting professional education and other sectors. The authors write that hackers are expanding both their simple, “lowest-common-denominator” attacks and their highly sophisticated probes using “obfuscation, layering, and bundling of malware in an effort to avoid detection.”

But in their conclusion, the authors write, “even the simple is becoming more complex – this is certainly the case for attack vectors and needs to be the case for an organization’s security controls as well.”

Mimecast recommends every business and institution maintain robust cybersecurity training and practices among its members.

The analysis of cybersecurity in the professional education sector mirrors previous conclusions and warnings.

In September of last year, the Federal Bureau of Investigation (FBI) issued a public warning that cybersecurity threats were increasingly targeting primary and secondary schools. The Bureau reportedly identified numerous cybersecurity events and attacks at districts around the U.S.

“They accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information,” the PSA reads. “The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets. In response to the incidents, the Department of Education released a Cyber Advisory alert in October 2017 stating cyber criminals were targeting school districts with weak data security or well-known vulnerabilities to access sensitive data from student records to shame, bully, and threaten children.”

Institutions of education—whether private or public—present a big target to hackers, and because students move through them often more quickly than employees at a company or organization, instilling best cybersecurity practices presents a greater challenge.

Read the full report here.

Featured Image: Kaur Kristjan, Unsplash.