FBI and CISA Warn of Increased Malicious Attacks against K-12 Schools


A recent cybersecurity advisory released by the FBI, CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) warns of increased cyber threats targeting K-12 schools in the United States.

The alert emphasizes that attacks aimed at educational institutions are expected to continue throughout the academic year. Specifically, ransomware, Trojans and distributed denial-of-service (DDoS) attacks may lead to data theft and disruption of online learning services.

“According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year,” the advisory reads. “In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July.”

Ryuk, Maze, Nefilim, AKO and Sodinokibi/REvil were the top five ransomware variants to have caused major disruptions to K-12 schools in 2020.

“In these attacks, malicious cyber actors target school computer systems, slowing access, and—in some instances—rendering the systems inaccessible for basic functions, including distance learning,” the alert explained. “Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom.”

DDoS attacks and video conference disruptions have also increased this past year. As the report notes, DDoS attacks have frequently prevented students and teachers from conducting distance-learning classes. Verbal assaults against students and exposure of sensitive information during disrupted video conference sessions also appear on the advisory's list of threats.

“Numerous reports received by the FBI, CISA, and MS-ISAC since March 2020 indicate uninvited users have disrupted live video-conferenced classroom sessions,” the alert notes. “These disruptions have included verbally harassing students and teachers, displaying pornography and/or violent images, and doxing meeting attendees.”

To minimize security risks and further disruptions during the remainder of the school year, the report provides a list of best practices for educational institutions and individuals alike. Students, faculty members and parents are advised to report suspicious or cybercriminal activity to local FBI field offices, providing as much information as possible.