Security Fridays: Week 14Michael Urgero 17/07/2020, Industry News
Covid-19, Remote Education, and Ransomware
The combination of challenges that we have all been working through since the beginning of the year has sparked off yet another series of attacks. We all know that since roughly March of this year, remote work has become the standard of operation for many businesses. These businesses understand the value of their remote workforce and have already made investments in the security of remote connections. Although many companies do it differently, they generally keep the security of these access systems and the safety of the user community top of mind. We’ve missed something though. The educational system has also been equally affected and has sent kids home for remote instruction, and that comes with its own set of risks.
In the article referenced here, the FBI has issued a warning to K12 schools that attackers will likely target the remote connections used by staff and teachers. The problem is created, generally, because education systems have seldom used remote solutions like this before and simply don’t have budgets for the improved security systems that are needed to combat these sorts of opportunistic attacks. To further the problem, system administrators are opening up systems to the internet that they would normally never allow, and what’s worse is that they typically know better but have no other options. They know the risks; they have no budget and have to do it anyway.
The scope of the attack changes here. When an attacker penetrates a business, they generally look to steal data they can sell, like medical records, design works, blueprints, processes, and related. However, when an attacker can penetrate a K12 education system, there is not much in the way of data gathering. There is some staff data, but the low numbers of records mean that the heist would be of little value. There is much more money to be made deploying ransomware. Disabling the educational systems from providing services to students cripples the educational system and has a higher probability of forcing their hand to pay the ransom.
As of this publication, there have been 889 K12 Cyber Incidents across North America. When you look at the attack map found here it’s a bit alarming.
A cost-effective and straightforward multi-factor solution would play a pivotal role as a cornerstone to the security of the systems, in particular, RDP based connections, as described in the article. SecurEnvoy provides such a product. Our solution is deployable on-premise or from the cloud and has multi-factor security agents that can be loaded on desktops and servers to protect these systems from attack. Making things more difficult for a would-be attacker makes them think about the amount of time it will take for them to find another way into the system(s), and in the hacking business, time is money. For every day that they spend trying to break into a system that‘s been protected by a SecurEnvoy SecureIdentity Multi-Factor Authentication Solution, other hackers are spending their time deploying ransomware to softer targets and getting paid.
Read the article that was analysed here: https://www.zdnet.com/article/fbi-warns-k12-schools-of-ransomware-attacks-via-rdp/