Remote learning: A bounty for online cyberattackers
13 Aug, 2021 5 min read
On 26 April 2020, 189 countries across Asia, Europe, the Middle East, North America, and South America shut down schools marking one of the largest mass school closures in history. But today, more than a year since COVID-19 forced entire cohorts online, economies continue to flit in and out of lockdowns and schools are continuing to resort to remote or hybrid-learning arrangements.
In fact, as teachers and students gear towards a tech-powered future online learning could even become a more permanent fixture. This, of course, is made possible by the growing number of learning-assistance tools and software such as Microsoft's remote desktop protocol (RDP). It’s a secure network communications protocol that gives users remote access to their desktop computers. In the educational setting, this allows teachers to demonstrate new or difficult computer processes and provide hands-on assistance - particularly helpful where verbal guidance alone is not enough.
However, convenience aside, many education institutes are not aware just how easy it is for these RDPs to be abused by malicious hackers who can take control of computers remotely and access sensitive information. The problem is, as students have been spread wider and farther, it’s easier than ever for hackers to gain access to school networks.
In fact, as teachers and students gear towards a tech-powered future online learning could even become a more permanent fixture. This, of course, is made possible by the growing number of learning-assistance tools and software such as Microsoft's remote desktop protocol (RDP). It’s a secure network communications protocol that gives users remote access to their desktop computers. In the educational setting, this allows teachers to demonstrate new or difficult computer processes and provide hands-on assistance - particularly helpful where verbal guidance alone is not enough.
However, convenience aside, many education institutes are not aware just how easy it is for these RDPs to be abused by malicious hackers who can take control of computers remotely and access sensitive information. The problem is, as students have been spread wider and farther, it’s easier than ever for hackers to gain access to school networks.
School Networks Are Vulnerable to Cyberattacks
Cybersecurity firm, Darktrace, estimates that educational institutions are 16 times more likely than healthcare and retail organisations to experience cybersecurity attacks.
How could this happen you might be asking? Well, just like most industries, when the pandemic erupted, schools had to scramble to find ways to keep lessons running. Because of this, many remote learning tools and platforms were rolled out on a massive scale while they were still in their beta stages, even before they could be put to security tests and before the school staff could be properly briefed.
Case in point - a Californian school, Newhall School District, reported that its online lessons were held over 4,500 student devices and 1,000 wireless hotspots. This markedly raised the number of unsecured network entry points that could be used by cybercriminals.
True to form, disaster struck at Newhall School District in September 2020. A ransomware attack disabled all its internal servers, email services, and online learning portals. Parents and students were hastily warned to stay off school-connected devices until the malicious software could be wiped out of school systems completely.
The University of California San Francisco’s School of Medicine also experienced this first hand in June 2020. Cybercriminals launched ransomware that encrypted school servers to render them inaccessible. Once hackers launch their attacks, succumbing to their extortion is oftentimes the only way to regain lost access to IT systems. In this instance, UCSF forked out the US$1.14 million ransom.
How could this happen you might be asking? Well, just like most industries, when the pandemic erupted, schools had to scramble to find ways to keep lessons running. Because of this, many remote learning tools and platforms were rolled out on a massive scale while they were still in their beta stages, even before they could be put to security tests and before the school staff could be properly briefed.
Case in point - a Californian school, Newhall School District, reported that its online lessons were held over 4,500 student devices and 1,000 wireless hotspots. This markedly raised the number of unsecured network entry points that could be used by cybercriminals.
True to form, disaster struck at Newhall School District in September 2020. A ransomware attack disabled all its internal servers, email services, and online learning portals. Parents and students were hastily warned to stay off school-connected devices until the malicious software could be wiped out of school systems completely.
The University of California San Francisco’s School of Medicine also experienced this first hand in June 2020. Cybercriminals launched ransomware that encrypted school servers to render them inaccessible. Once hackers launch their attacks, succumbing to their extortion is oftentimes the only way to regain lost access to IT systems. In this instance, UCSF forked out the US$1.14 million ransom.
Students More Vulnerable to Online Predation Than Ever
Virtual learning has also opened other windows of opportunity for online predators. With predators now able to operate beyond school boundaries, it has become more difficult to protect children.
Case in point - in April 2020, Zoom lessons in Singapore were quickly suspended after hijackers entered Zoom streams and exposed underaged students to indecent material. Following the incident, Singapore’s Ministry of Education mandated secure log-ins by all teachers and students and prohibited the sharing of meeting links beyond students.
The problem is, such requirements are only stop-gap measures, they’re still reactive and overly reliant on the compliance of all teachers and students. What’s more, these security measures will still fail if passwords and other login data are leaked. User behaviour also creates another risk. A recent McAfee report identified students as one of the most digitally-vulnerable groups, with 30% of education breaches caused by students falling prey to email phishing and social-media misuse.
These problems are compounded by schools’ increasing incorporation of social media in their curricula. In a 2020-2021 Social Media Trends in Education report by Class Intercom, 95% of schools indicated they used social media as a communication means during the pandemic. Data breaches on social-media platforms are not uncommon. In May 2021, Facebook and LinkedIn admitted that the data of over 500 million of their users had been hacked into.
Case in point - in April 2020, Zoom lessons in Singapore were quickly suspended after hijackers entered Zoom streams and exposed underaged students to indecent material. Following the incident, Singapore’s Ministry of Education mandated secure log-ins by all teachers and students and prohibited the sharing of meeting links beyond students.
The problem is, such requirements are only stop-gap measures, they’re still reactive and overly reliant on the compliance of all teachers and students. What’s more, these security measures will still fail if passwords and other login data are leaked. User behaviour also creates another risk. A recent McAfee report identified students as one of the most digitally-vulnerable groups, with 30% of education breaches caused by students falling prey to email phishing and social-media misuse.
These problems are compounded by schools’ increasing incorporation of social media in their curricula. In a 2020-2021 Social Media Trends in Education report by Class Intercom, 95% of schools indicated they used social media as a communication means during the pandemic. Data breaches on social-media platforms are not uncommon. In May 2021, Facebook and LinkedIn admitted that the data of over 500 million of their users had been hacked into.
Collateral Damage Beyond Schools
Data breaches and malware attacks are not limited to schools, either. When devices are shared between members of the same household the risks magnify. Hackers can penetrate the databases of multiple organisations by infiltrating one device alone. This often occurs in households that do not have the luxury of providing each member with a personal electronic device. Siblings attending different schools may have to share devices with one another or with their parents. A lapse in judgement by any of the device users could grant unwitting access to cybercriminals.
This is where conventional wisdom would say that cybersecurity literacy kicks in. It’s advocated that parents have a role to play not just by assisting children with their school work but also guiding them in uploading files, attaching documents, and navigating virtual spaces. However, even as schools and governments step up digital-literacy education, cybercriminals are becoming more skillful and schools are becoming easier targets - there needs to be another way.
This is where conventional wisdom would say that cybersecurity literacy kicks in. It’s advocated that parents have a role to play not just by assisting children with their school work but also guiding them in uploading files, attaching documents, and navigating virtual spaces. However, even as schools and governments step up digital-literacy education, cybercriminals are becoming more skillful and schools are becoming easier targets - there needs to be another way.
Get an A+ with SecureAge Technology
The reality is, firewalls, anti-virus solutions and cyber literacy training is not enough. Educational institutes have been lulled into a false sense of security by these band-aid solutions, and it’s time we allow students to enjoy learning and exploration without the fear of hacking and online preying.
While an online search might show there are a range of security options in the educational sector, most of them do not protect 100% of your Data in all three states, and they do not proactively detect 100% of malware threats. The unknown is ignored, and outdated perimeters are still highly relied upon. That’s why SecureAge Technology designed our security solutions differently.
Since there’s now more students, with more devices, in more locations, the need for compliant, easy to use, and proactive file-level Data protection, and intuitive application control has skyrocketed. And, that’s exactly what our SecureAge Security Suite and SecureAPlus has been providing to some of the world’s leading educational institutes.
We’ve also pioneered a FREE grant program that gives 100% protection at ZERO cost. Under this grant program you get access to our intuitive AI-powered endpoint application control that has an 18-year history of ZERO malware attacks for government institutes and large enterprises.
Remember, just because you can’t control your endpoints, doesn’t mean you can’t minimise the threats. Let’s talk.
While an online search might show there are a range of security options in the educational sector, most of them do not protect 100% of your Data in all three states, and they do not proactively detect 100% of malware threats. The unknown is ignored, and outdated perimeters are still highly relied upon. That’s why SecureAge Technology designed our security solutions differently.
Since there’s now more students, with more devices, in more locations, the need for compliant, easy to use, and proactive file-level Data protection, and intuitive application control has skyrocketed. And, that’s exactly what our SecureAge Security Suite and SecureAPlus has been providing to some of the world’s leading educational institutes.
We’ve also pioneered a FREE grant program that gives 100% protection at ZERO cost. Under this grant program you get access to our intuitive AI-powered endpoint application control that has an 18-year history of ZERO malware attacks for government institutes and large enterprises.
Remember, just because you can’t control your endpoints, doesn’t mean you can’t minimise the threats. Let’s talk.