Posted on September 7, 2022 at 11:21 AM
Hackers Breached Second-Largest US School District
Log Angeles Unified has suffered a heavy infrastructure disruption due to a hacking attack. However, classes will continue taking place as usual despite the incident. The second-largest school district in the US suffered the attack over Labor Day weekend. Officials said they do not expect major issues with teaching or other services like food and transportation. However, business operations can be delayed.
The district has more than 600,000 students from kindergarten through 12th grade. It expects to maintain its scheduled classes as usual on Tuesday.
The district, in a statement, noted that it has continued to assess the situation since the identification of the incident. It has contacted law enforcement and other security agencies to help with the investigation to take further actions on the matter.
The district added that a “response protocol” has been implemented to mitigate the districtwide disruptions for applications, computer systems, access to email, and other areas.
The threat actors seemed to have targeted the facilities systems that have details about private-sector contractor payments. These details are publicly available, and the nature of the attack shows that the hackers were not after confidential details like health, payroll, and other data.
The Attacks Came From Foreign Operators
The authorities believe that the attack came from foreign threat actors and three potential countries have been identified. But Alberto Carvalho, the Los Angeles Unified superintendent, did not specify which countries.
The district has also noted that the response and investigation involve the White House, the Cybersecurity and Infrastructure Security Agency (CISA), and the US Department of Education.
The attack is coming when ransomware is on the increase. More attackers are now targeting educational institutions regularly compared to the past. In August and September last year, 57% of ransomware incidents reported to the FBI involved K-12 schools while there were only 28% of such reports from January to July.
Co-founder and Chief Executive Officer of cybersecurity firm Keeper Security, Darren Guccione, said the egregious cyber attack is another example of the increasing menace of predatory cybercriminals. They are posing a great danger to everyone, including multinational organizations and young schoolchildren. Everyone is now a target and the most likely targets are the most vulnerable.
Also, digital security firm Sophos carried out a survey in 2021 which shows that 64% of higher education organizations and 56% of K-12 schools reported being attacked by some type of ransomware.
Educational Institutions Are Increasingly Becoming Targets
The surge in cyberattacks also comes when the Covid19 pandemic forced many employees to work from home using different devices to connect to their company’s server. This opened the doors and brought windows of opportunities for cybercriminals. During the same period, educational institutions were also affected, forcing them to have most of their activities online. Since most schools are not used to online security practices, it exposed them to a series of dangers from threat actors.
Earlier in January this year, the biggest school district in Albuquerque, New Mexico, affected schools, forcing them to close down for two days
In an FBI advisory released to schools in 2021, the agency suggested that educational institutions should give their employees more training on the best ways to protect themselves from cyberattacks. They should also be taught to monitor networks effectively for suspicious activities.
Measures Will Be Taken To Prevent Future Occurrence
According to Chief Technology Officer of cybersecurity firm Blumira, Matthew Warner, there are several reasons why schools have become an attractive target for threat actors.
Schools generally do not have enough funding for full-time IT staff while many students utilized their poorly secured devices to connect to portals. These have allowed hackers to launch attacks to breach networks.
Warner added that the shoestring budget of most IT heads in educational institutions makes it difficult to hire and retain well-qualified IT staff. As a result, they go for the less experienced or skilled ones who may not have a broader knowledge of comprehensive network security.
While the FBI has kept warning schools not to pay ransoms, some are still forced to pay as they go out of options to recover their files. 50% of higher education victims and 45% in K-12 are reportedly paying the ransom to recover their stolen data.
Although it’s unclear whether LAUSD has settled the attackers with a ransom payment, the district has called for an independent task force to prevent any future occurrence.