Grade-school learning environments are critical to any society. School administrators, parents, and education software vendors must take steps to defend against cyber attacks.
Updated January 28, 2021
Life online exposes us to those with malicious intent. However, there are steps that every person can take to minimize the possibility of confronting online dangers. There is currently a threat to the online learning environments of grade schools in the United States. This declaration is based on Civic Hacker's threat hunting[1] and threat modeling[2] know-how. Civic Hacker encourages relevant parties to use the enclosed information to develop plans to resist this cyber threat.
Civic Hacker monitors numerous data sources, including feeds related to cyber threats. Throughout December 2020, we detected a curious progression of cyber threat-related incidents. Below is a timeline of notable events with descriptions.
November 30, 2020. WAFF48, a Huntsville news station, reported that the Huntsville City Schools computer network was infected with ransomware[3], a kind of cyber attack.
December 1, 2020. The U.S. Cybersecurity Emergency Readiness Team (US-CERT) publishes an alert entitled Advanced Persistent Threat Actors Targeting U.S. Think Tanks.
On the same day, WAFF48 publishes a story stating that Huntsville City Schools would be closed for at least the remainder of the week.
December 5, 2020. A security researcher published a full disclosure of a vulnerability that impacted Microsoft Teams, collaboration software in use in many school districts.
December 7, 2020. WAFF48 continues its coverage of the ransomware attack on Huntsville City Schools, including a statement from the school system informing the public that the incident is still in progress.
December 8, 2020. It was disclosed that a supply-chain attack on the SolarWinds product led to a breach at FireEye, a cybersecurity firm (read: think tank). FireEye detected the breach, which involved exfiltration of its hacking tools.
December 10, 2020. US-CERT publishes an alert entitled Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data. Their report includes a list of likely malware and techniques used by those targeting virtual learning environments.
December 13, 2020. US-CERT publishes the alert, Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations.
Civic Hacker recommends employing tactics to reduce the likelihood of compromise. There's always more we can do to protect ourselves online; here's a list to get you started.
For school administrators:
For vendors of education software or partners to schools: