
Role of Artificial Intelligence in Preventing Cyberattacks at K-12 Schools

 

Artificial intelligence (AI), according to cybersecurity professionals, might be a key component in averting ransomware attacks at K–12 institutions. There were roughly 1,619 ransomware attacks on school systems between 2016 and 2022, according to the K12 Security Information Exchange (K12 SIX). In addition to causing financial losses, these attacks have made public sensitive information about kids, parents, and teachers.

A potential solution to this problem, according to Doug Levin, director of K12 SIX, is artificial intelligence. When IT staff are not available, he thinks AI can serve as a substitute set of eyes on school networks. Several vendors have already built AI into the technologies that schools use. This technology guards against cybercriminals trying to break into systems and steal important data by monitoring the network and taking preventative action.

“They’ve resulted in the publication of some incredibly sensitive information about students, about parents and about educators themselves,” explained Doug Levin. “One of the benefits of AI is that they can be that set of virtual eyes on the school networks when the IT staff are not able to do that.” 

However, Levin expressed concern about the expected high cost of putting this cutting-edge technology into use. While AI could save schools from hiring more security-focused IT staff, the cost of these solutions might go up over time.

The U.S. Department of Education has established a federal council to help school districts prepare for, respond to, and recover from such attacks in light of the growing threat posed by security incidents. 

AI's potential for cybersecurity extends beyond the classroom. It is increasingly being used to detect and prevent threats in an array of enterprises. Because it can analyse vast quantities of data and detect patterns, AI can enhance security measures and offer early warnings of potential threats.

While AI has the potential to strengthen cybersecurity defences, it remains vital to stay on guard and prioritise cybersecurity education and training for all parties involved in the educational system. The security of educational institutions can be significantly improved by better education combined with cutting-edge technologies like AI.

Data Breach from Accreditation Org Exposes Sensitive Data of Educational Institutions

 

Jeremiah Fowler, a cybersecurity researcher, has disclosed an extensive data breach that has caused significant worries regarding the safety of sensitive data in the education sector. A staggering 682,438 records concerning educational institutions were found in an unencrypted database that Fowler discovered.

The exposed data belongs to the Southern Association of Independent Schools, Inc (SAIS), a well-known non-profit organisation that assists schools and educators throughout the United States and numerous other countries. 

The data dump featured a huge array of sensitive information spanning from 2012 to 2023, making it a gold mine for potential cyber thieves. The hacked documents included student and instructor data, health information, social security numbers (SSN), active shooter and lockdown notices, school maps, financial budgets, and other information. 

Of special concern was confidential third-party security research assessing flaws in school security, camera positions, access points, and other crucial information that could represent a real-world security risk to students and faculty.

The compromised database contained 572.8 GB of data in several file formats, including PDF, Excel, PPTX, doc, docx, png, jpg, and pages.


Potential threats and implications 

According to Fowler's blog post, the compromised records included student PII, private medical information, teacher background checks, pay information, and interview details. Additionally, the hack exposed budgets, financial reports, vehicle registrations, insurance policies, tax records, training materials, and a large amount of other unrelated information. 

The data breach highlighted a variety of potential threats, from simple extortion to more complex identity theft and financial crimes. Criminals who gain access to such private information may use it to commit fraud, such as applying for credit or loans in the names of educational institutions. 

Safety measures 

Schools, educational institutions, and accreditation authorities must give top priority to installing fundamental security measures like firewalls, encryption, and multi-factor authentication if they are to reduce potential threats in the future. 

Additionally, to effectively address and manage data breaches, should they occur, detailed incident response plans should be established, as well as routine employee training on cybersecurity best practices.

Thousands of University Wi-Fi Networks Disclose Log-In Credentials

 

Multiple configuration vulnerabilities in a free Wi-Fi network used by several colleges can enable access to the usernames and passwords of students and teachers who connect to the system using Android and Windows devices, according to the findings by researchers. 

WizCase researchers led by Ata Hakçıl evaluated 3,100 Eduroam setups at universities throughout Europe and discovered that more than half of them have vulnerabilities that threat actors might exploit.

They noted that the same misconfiguration risk might extend to other organizations throughout the world. Eduroam offers free Wi-Fi access at participating institutions. It provides log-in credentials to students, researchers, and faculty members, allowing them to access the internet across many universities by utilizing credentials from their own university.

Researchers found vulnerabilities in the implementation of the Extensible Authentication Protocol (EAP) used by Eduroam, which applies several levels of authentication when individuals connect to the network. Some of these authentication steps are not implemented properly at some colleges, causing security flaws.

Researchers wrote in a report posted Wednesday, “Any students or faculty members using Eduroam or similar EAP-based Wi-Fi networks in their faculties with the wrong configuration are at risk.” 

“If you are using an Android device and have Eduroam Wi-Fi set to auto-connect, malicious people could capture your plaintext username and password by only getting 20 or so meters in the range of you.” 

WizCase evaluated several configuration guidelines and built a test environment with multiple attack scenarios for the study. Overall, their analysis indicated that in the majority of institutions with misconfigured networks, threat actors may establish an “evil twin” Eduroam network that a user would mistake for the actual network, especially on Android devices.

Referring to Eduroam's catalogue application that performs certificate checks, researchers stated, “This could result in these devices automatically sending their stored credentials in order to connect to the evil twin Wi-Fi network for users not using eduroamCAT.” 

Researchers emphasized that the issue is not due to any technical flaw in Eduroam's services or technology, but rather due to improper setup instructions provided by the institutions' own network administrators to those setting up access. 

Moreover, while each institution supplies resources and personnel to assist Eduroam functioning, researchers discovered that there is no centralized management for the network – either as a whole or at each university where the system is in place. This signifies that a minor misconfiguration may make it a target for hackers. 

Researchers narrowed down the issue further by dissecting the numerous consecutive steps of EAP authentication, discovering that inadequate implementation of the last level of this authentication, known as "Inner Authentication," is at the foundation of the problem. Inner Authentication is accomplished in one of two methods in EAP. 

One method is to utilize the Plain Authentication Protocol (PAP), which sends users' credentials to the authentication server in plaintext and relies on Outer Authentication to completely encrypt the traffic with a server certificate. 

The alternative method utilizes Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2), which understands that there may be errors in the Outer Authentication stage, and transfers the password in a hashed, non-plaintext form.

Mismanaged Certificate Checks

“When a network with the same Wi-Fi name appears, Android devices will not check whether this certificate is trustworthy or not, and will not even notify the user about the certificate before connecting,” they explained.

Even an operating system that properly performs certificate checks can disclose data since many users do not understand what a certificate check implies and will permit the connection to proceed even if they get an alert concerning the certificate. 

According to the researchers, this indicates that the problem can arise on Windows as well if a system is misconfigured. iOS devices are not affected by the issue since they do not allow connections to EAP networks without first installing the EAP configuration file, which ensures the validity of the server-side certificate.

As per the researchers, 2,100 of the 3,100 Eduroam participating university setups examined by WizCase are possibly impacted by the issue. 

According to the firm, it may be prevented by returning to the second technique of Inner Authentication. WizCase contacted Eduroam in December to share their results and received a response the same day. 

According to WizCase, Eduroam officials stated that they are aware of “Eduroam identity providers who do not follow the requirements of the Eduroam policy and leave their own users unprotected,” agreeing with researchers that this conduct is “unacceptable.” It is unknown whether Eduroam contacted its customers to alert them about the issue.
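The client-side weaknesses described above (PAP as Inner Authentication and no check of the server certificate) can be audited in stored Wi-Fi profiles. The following is an added example, not code from WizCase or Eduroam; it assumes profiles written in wpa_supplicant.conf syntax, uses constructed sample profiles, and its server-name check goes slightly beyond what the article covers.

```python
import re

# Constructed sample profiles in wpa_supplicant.conf syntax (not from the report).
SAMPLE_CONF = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="student@example.edu"
    phase2="auth=PAP"
}
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="student@example.edu"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.edu"
    phase2="auth=MSCHAPV2"
}
'''

def parse_networks(conf):
    """Return one dict of key -> value for each network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", conf, re.S):
        pairs = re.findall(r"^\s*(\w+)=(.*?)\s*$", body, re.M)
        nets.append({k: v.strip('"') for k, v in pairs})
    return nets

def audit(net):
    """List certificate-check and inner-authentication weaknesses of one profile."""
    findings = []
    if "WPA-EAP" not in net.get("key_mgmt", ""):
        return findings  # not an EAP network, out of scope
    if not net.get("ca_cert"):
        findings.append("no ca_cert: server certificate is not validated")
    if not (net.get("domain_suffix_match") or net.get("altsubject_match")):
        findings.append("no server name pinned: any certificate from the CA passes")
    if "AUTH=PAP" in net.get("phase2", "").upper():
        findings.append("inner auth is PAP: plaintext password inside the tunnel")
    return findings

def audit_conf(conf):
    """Audit every profile in a configuration; an empty list means no findings."""
    return [audit(n) for n in parse_networks(conf)]

if __name__ == "__main__":
    for i, found in enumerate(audit_conf(SAMPLE_CONF)):
        print(f"profile {i}: {'; '.join(found) or 'OK'}")
```

The first constructed profile is the pattern that lets a device hand credentials to an evil twin; the second validates the server before any inner authentication takes place.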

Howard University Cancels Online and Hybrid Classes After Ransomware Attack

 

Washington, D.C.’s Howard University, one of the largest Black schools in the United States, has canceled online and hybrid classes as it continues to investigate a ransomware attack on its computer network.

The security breach was identified on September 3, just weeks after students returned to campus, when the University’s Enterprise Technology Services (ETS) noticed “unusual activity” on the University’s network and intentionally shut it down in order to mitigate the risk and to investigate the incident.

There has been no evidence to suggest that private details of their 9,500 undergraduate and graduate students were retrieved or stolen, but the investigation is still active, the university wrote in a statement.

“Based on the investigation and the information we have to date; we know the University has experienced a ransomware cyberattack. However, our investigation remains ongoing, and we continue to work toward clarifying the facts surrounding what happened and what information has been accessed,” the statement said. 

Howard University canceled classes to determine the impact of the ransomware attack, and only essential employees were allowed to continue their work. Campus Wi-Fi will also be down while the investigation is underway, though cloud-based software will remain accessible to students and teachers.

“This is a highly dynamic situation, and it is our priority to protect all sensitive personal, research, and clinical data. We are in contact with the FBI and the D.C. city government, and we are installing additional safety measures to further protect the University’s and your personal data from any criminal ciphering,” the university said.

But the university warned that remediation will be “a long haul — not an overnight solution.”

Howard University is the latest educational institution to be hit by a ransomware attack since the start of the pandemic, with the FBI’s Cyber Division warning that attackers have changed their strategies and are currently focusing heavily on schools and universities due to the widespread shift to remote learning.

Last year, the University of California paid $1.14 million to NetWalker attackers after they encrypted data within its School of Medicine’s servers, and the University of Utah paid hackers $457,000 to prevent them from releasing data stolen during an attack on its network. 

In 2021 alone, ransomware attackers have targeted 58 U.S. education organizations and school districts, including 830 individual schools, according to a report published by Emsisoft threat analyst Brett Callow last month. Emsisoft estimates that in 2020, 84 incidents disrupted learning at 1,681 individual schools, colleges, and universities.

“The attack on Howard University is yet another sign that cyberattacks are global, interconnected, and evolving. Hackers, drawn by the lucrative potential of holding business-critical data hostage, are launching more sophisticated attacks every day,” Stephen Manley, the chief technology officer at Druva, a data protection software company, said in a statement.