A successful phishing campaign needs certain elements, and one of these elements is convincing recipients that messages are from a legitimate organization. Most emails trick users into divulging sensitive information or convince them to click a link that leads to an attacker-controlled site. Others trick users into downloading an attachment with malicious content. College kids are the most recent targets for a phishing campaign that contains messages pretending to be the school library where students must renew their card to continue using it.
According to the latest Verizon Data Breach Incident Report for 2019, the education sector is the fifth most targeted industry and it continues to be a growing trend. The reason behind the mass targeting is because of the numerous data points available to attackers after a successful phishing campaign. Students are less likely to have any education and training for identifying phishing attacks. Without any kind of training, users are more vulnerable to phishing and divulging sensitive information.
The current campaign email and malicious landing page ask students to enter their personal contact information along with a password to access the fake university website. In many cases, students and other users implement the same password across numerous accounts. After the attacker obtains the user’s password, he will try to use it along with the user’s email against other accounts on the Internet that could give him access to bank accounts, financial information, or additional personal data.
Like most phishing email messages, the message intends to compel the user to click the link and quickly enter information or the account will be canceled. The message is the following:
“Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!”
Attackers have put effort into the current phishing campaign and append a name and university address as the signature. The address is customized to the student’s university, making it seem more legitimate to the recipient. Students are asked to click an embedded link and enter their username and password on the attack page. The landing page looks like an official university library web page with elements belonging to the official university. It even has a checkbox where users can check if they want to stay logged into the application.
Phishing isn’t the only motive for attackers. Ransomware is also a common theme for education attacks. Ransomware encrypts important files so that victims can only get their data back if they pay a fee. This fee can be anywhere from a few hundred dollars to a few thousand.
Ransomware attacks mainly start with phishing. Attackers spoof email sender addresses and spear-phish with links or attachments that target recipients with elevated privileges. Even low-privileged users can be used as targets when the main goal is to encrypt files for money. Attachments and links to attacker-controlled sites are used to trick users into downloading the malware. Attacks can be multifaceted as malicious content could download additional malware and give attackers remote control of the local machine.
Ransomware is targeted towards businesses including universities to put them in a situation where they must pay the fee or have a devastating impact on daily productivity. Students can still be a target, but universities and other businesses provide a higher chance of success for the attacker. Some phishing campaigns are coupled with ransomware for maximum effectiveness. The attacker can obtain passwords and personal information from the targeted user as well as earn revenue from the attacks.
The huge cost of attacks has seen educational institutions take out insurance policies, which typically pay the ransom in the event of an attack. While this is preferable financially for the schools, it ensures that the attackers get their pay day. Some studies have suggested that attackers are choosing targets based on whether they hold insurance, although the jury is out on the extent to which that is the case.
In total, 49 school districts and around 500 K-12 schools have been affected by ransomware attacks this year. While the ransomware attacks on school districts have been spread across the United States, schools in Connecticut have been hit particularly hard. 7 districts have been attacked, in which there are 104 schools.
Emails sent to student addresses are controlled by university administrators. Administrators can implement email filters that trap malicious messages and quarantine them for further review. Filters placed on a university’s email system will greatly reduce the chance that a targeted phishing campaign will be successful.
Security for email messages come in several forms. The first is using Domain-based Message Authentication, Reporting & Conformance (DMARC) security against spoofed email messages. DMARC can be customized by the administrator to determine the right quarantine trigger, and any false positives can be remedied and sent to the recipient’s inbox. The right DMARC system will limit the number of false positives and attempt to “learn” which messages are malicious versus which ones should be sent to the user’s inbox.
DNS-based web content filters are an additional feature that blocks malicious sites from ever being accessed. Users who fall for phishing schemes by clicking a link will not be able to access a website. These websites are categorized as malicious, and the administrator can receive alerts when users attempt to access them.
Using the right cybersecurity tools, administrators can protect students and faculty from phishing and ransomware attacks. DMARC and DNS-based content filters greatly reduce an attacker’s ability to perform a successful phishing attack, which saves both the university and students from costly mistakes.
You may also be interested to read this recent article on 6 Cybersecurity Challenges that K12 System Face Today.
Are you an IT professional at a school, that wants to ensure sensitive school, student, and staff data and devices are protected? Talk to a specialist or Email us at firstname.lastname@example.org with any questions.
Sign-up for email updates...