
Rise in Phishing Attacks Targeting US Schools Raises Concerns

 



According to a recent report by PIXM, a cybersecurity firm specialising in artificial intelligence solutions, public schools in the United States face a significant increase in sophisticated phishing campaigns. Threat actors are running targeted spear-phishing attacks against officials in large school districts, using stealthy patterns that effectively bypass Multi-Factor Authentication (MFA) protections.

Since December 2023, there has been a surge in MFA-based phishing campaigns targeting teachers, staff, and administrators across the US. The attackers, identified as the Tycoon and Storm-1575 threat groups, employ social engineering techniques and Adversary-in-the-Middle (AiTM) phishing to get past MFA by intercepting tokens and session cookies. They create custom login experiences and use services like Dadsec and Phishing-as-a-Service (PhaaS) to compromise administrator email accounts and deliver ransomware.

The Tycoon Group's PhaaS, available on Telegram for just $120, boasts features like bypassing Microsoft's two-factor authentication. Meanwhile, Microsoft identifies Storm-1575 as a threat actor engaging in phishing campaigns through the Dadsec platform. The attacks begin with phishing emails prompting officials to update their passwords, which lead them to a Cloudflare CAPTCHA and then a spoofed Microsoft password page. If the victim enters a password, the attackers forward it to the legitimate login page and then request the victim's two-factor authentication code, bypassing MFA protections.

The attacks commonly target officials such as the Chief of Human Capital, finance, and payroll administrators. Some attempts involve altering Windows registry keys, potentially infecting machines with malicious scripts. The attackers conceal their tracks using stealth tactics, hiding behind Cloudflare infrastructure and creating new domains.

Although the CAPTCHAs used in these phishing attacks give end-users a sense of legitimacy, there is potential for malicious trojan activity, including modifying Windows registry keys and injecting malicious files. These attacks can result in malware installation, ransomware, and data exfiltration.

Schools are the industry most targeted by ransomware gangs, and student data is a prime target for cybercrime. A concerning trend shows unprecedented data loss, with over 900 schools targeted in MOVEit-linked cyber attacks. Recent data leaks, such as the one involving Raptor Technologies, have exposed sensitive records belonging to students, parents, and staff, raising concerns about student privacy and school safety.

To protect against these phishing attacks, organisations are advised to identify high-priority staff, invest in tailored awareness efforts, caution users against suspicious links, and implement proactive AI-driven protections at the browser and email layers.

In short, the surge in phishing attacks targeting US schools underscores the importance of cybersecurity measures and the need for increased awareness within educational institutions to safeguard sensitive information and ensure the privacy and safety of students and staff.


AI Knife Detection System Fails at Hundreds of US Schools

 

A security company that provides AI weapons scanners to schools is facing new doubts about its technology after a student was assaulted with a knife that the $3.7 million system failed to identify.

Last Halloween, Ehni Ler Htoo was walking in the corridor of his school in Utica, New York, when another student approached him and attacked him with a knife. The victim's lawyer told the BBC that the 18-year-old suffered multiple stab wounds to his head, neck, face, shoulder, back, and hand.

Despite a multimillion-dollar weapons detection system built by a company called Evolv Technology, the knife used in the attack was carried inside Proctor High School. 

Evolv claims that its scanner "combines powerful sensor technology with proven artificial intelligence" to detect weapons rather than just detecting metal. The system issues an alert when it discovers a concealed weapon, such as a knife, bomb, or firearm. The company previously promised that its scanners could help create "weapons-free zones" and has openly asserted that its equipment is very accurate.

According to Peter George, the company's chief executive, its systems "have the signatures for all the weapons that are out there." Knives, explosives, and firearms are among the weapons that the system can locate, according to earlier news releases. 

A BBC investigation conducted last year found that testing showed the technology could not reliably detect large blades: Evolv's scanner missed 42% of large knives in 24 walk-throughs.

Major American stadiums as well as the Manchester Arena in the United Kingdom employ the system. According to the testers, Evolv should alert prospective customers. Despite this, the company has been growing in the educational sector and currently claims to be present in hundreds of schools across the US. 

Stabbing incident

The Utica Schools Board purchased the weapons scanning system from Evolv in March 2022 for 13 schools. It was installed over the summer break.

CCTV showed the student who attacked Ehni Ler Htoo entering Proctor High School and passing through the Evolv weapons detectors on October 31.

"When we viewed the horrific video, we all asked the same question. How did the student get the knife into the school?" stated Brian Nolan, Superintendent of Utica Schools.

The knife employed in the stabbing was more than 9in (22.8cm) long. The attack prompted the school system in Utica to conduct an internal investigation.

"Through investigation it was determined the Evolv Weapon Detection System… was not designed to detect knives," Mr Nolan added. 

Ten metal detectors have taken the place of the scanners at Proctor High School. The remaining 12 schools in the district, though, are still using the scanners.

According to Mr. Nolan, the district cannot afford to remove Evolv's system from its remaining schools. Since that attack, three additional knives have been discovered on kids at different schools in the district where the Evolv systems are still in use. 

One of the knives measured 7 inches. Another had a bent blade with finger holes. There was also a pocket knife. According to Mr. Nolan, none of them were found by the weapons scanner; all of them were discovered because staff members reported them.

Evolv's stance 

The language on Evolv's website was altered following the stabbing. 

Until October of last year, Evolv's homepage carried a headline boasting of "Weapons-Free Zones". The company then dropped that phrase and changed the wording to "Safe Zones". After a further change, it now reads "Safer Zones".

The company asserts that its system locates firearms using cutting-edge AI technology. However, its detractors claim that not enough is understood about the system's operation or how well this technology detects various kinds of weaponry. 

Evolv has overstated the effectiveness of the device, according to Conor Healy of IPVM, a company that evaluates security technology. 

"There's an epidemic of schools buying new technology based on audacious marketing claims, then finding out it has hidden flaws, often millions of dollars later. Evolv is one of the worst offenders. School officials are not technical experts on weapons detection, and companies like Evolv profit from their ignorance."

LAUSD Computers Breached by Cybercriminals

According to the Los Angeles Unified School District (LAUSD), the second-largest school district in the U.S., the Vice Society ransomware group has stolen files containing contractors' private information, including Social Security numbers (SSNs).

Additionally, LAUSD disclosed that the threat actors were present on its network for more than two months, from July 31 to September 3, 2022. Before distributing the stolen material, the group told BleepingComputer that it had stolen 500 GB of data from the school district's systems, but it offered no supporting documentation.

LAUSD is offering contractors and their staff members a free year of Experian's IdentityWorks, which helps detect misuse of personal information. On the day LAUSD reported the ransomware attack, the FBI, CISA, and MS-ISAC jointly released an advisory warning of Vice Society's disproportionate targeting of the U.S. education sector. Hackers responded to L.A. Unified's refusal to pay a ransom by publishing the data they obtained on the dark web, where other malicious actors may use it for identity theft.

The ransomware group released the LAUSD data after the school district declared it would not comply with the cybercriminals' ransom demands, so that the money could be better used for its students and their education.

Data theft is just one aspect of such an operation. The second step entails encrypting computer systems so that users are unable to access them and daily business is rendered impossible. Hackers were able to encrypt systems in the district's facilities division, and basic tasks such as classroom instruction and record-keeping were more challenging for approximately two weeks. Schools never had to close temporarily, however, as has happened elsewhere when school systems were targeted.

The revelation in the notice came as no surprise to cybersecurity professionals. They anticipated that an examination would show the system intrusion started earlier than was initially reported. Officials from the school district did not disclose the number of potential victims. When more than 500 California citizens are affected, the threshold for public notification, a notice letter should be filed with the state attorney general in addition to notifying the victims.

A Ransomware Attack Hit Two Michigan Schools

In response to a ransomware attack, two Michigan school districts have shut down. Kevin Oxley, the superintendent of the Jackson County Intermediate School District, announced that school would remain closed until Wednesday.

To investigate the incident and get support in re-establishing their systems securely, the schools alerted law enforcement and hired external cybersecurity advisors.

According to Det. Lt. Mike Teachout of the Michigan Cyber Command Center, the district got in touch with the center, which is in charge of coordinating the joint emergency response to cyber incidents in Michigan.

As a precaution, the schools encouraged everyone to refrain from using any school-issued devices.

According to Kevin Oxley, "This intrusion occurred because we were victims of a ransomware attack that was spotted over the weekend. Credits to overnight work by our tech staff and cybersecurity professionals. We actively shut down networks as soon as we noticed suspicious behavior in order to contain the situation."

While restoration efforts are ongoing, Oxley stated that getting students back in class on Thursday was the first priority. "We prioritized bringing vital systems back up to allow us to safely restart operations and reopen school buildings across Jackson and Hillsdale counties," Oxley said.

Over 24,000 pupils are enrolled in the district. According to officials, Hillsdale Community District Schools, whose technology services are provided by a county consortium, were also impacted by the incident.

A wide range of facility operations, including but not limited to heating, telephones, and classroom equipment, were affected by the cyberattack that transpired over the weekend of November 12–13, forcing schools in Jackson and Hillsdale counties to cancel classes for the whole week. As of yet, no cybercrime organization has been held responsible for the attack.

The Los Angeles Unified School District, one of the largest school systems in the US, was the victim of a ransomware attack in September. School districts, a prime target for ransomware gangs, must now exercise caution.




Ransomware Targeted Almost 1,000 Schools in US This Year

 

Ransomware attacks against US schools are surging, and experts say threat actors are actively targeting schools as classrooms switched to remote learning last year.

According to tallies by Emsisoft and Recorded Future, cybersecurity firms known for tracking and investigating ransomware attacks, almost 1,000 schools across the United States have suffered a ransomware attack this year.

Threat actors targeted 985 schools across 73 school districts and it’s very likely there are some schools that are missing from the list, meaning the total number of victims is likely higher than 1,000, said Brett Callow, a researcher at Emsisoft. 

The list shared by Callow includes high-profile schools such as the Mesquite Independent School District in Texas, which comprises 49 different schools; the Haverhill Public Schools in Massachusetts, which comprises 16 schools; and the Visalia Unified School District in California, which comprises 41 schools.

“There is a huge jump in ransomware attacks hitting schools starting in 2019 and that trend is accelerating,” Allan Liska, cybersecurity researcher at cybersecurity firm Recorded Future told Motherboard in an online chat.

There is no denying that 2021 is the year of ransomware but there are some good stories too. Earlier this year, when threat actors targeted the Affton School District in Missouri, the district had to cancel classes for a day out of precaution, but the attackers were not able to encrypt any critical computer or system, as the entire school was operating on Google’s cloud, according to Adam Jasinski, the district’s head of IT.

“While school districts are falling victim to ransomware at the same rate as ever, it seems that fewer large districts are now being hit. And that could be cause for hope,” Callow told Motherboard in an email. “If larger districts have been able to up their security game, smaller districts can too. We just need to work out what shortcomings exist and ensure they have the resources to address those shortcomings.” 

“The increased efforts by governments, law enforcement, and private-public sector initiatives seem to be paying off and we’re seeing more wins. Cybercrime operations are being disrupted, and their revenue streams are being disrupted which, combined, alters the risk/reward ratio and will hopefully disincentivize attacks,” he added.