As our lives moved online in 2020 because of the COVID-19 pandemic, cybercriminals seized the opportunity to exploit the situation through targeted DDoS attacks. While all organizations have been vulnerable, K-12 schools have been shown to be particularly vulnerable.
The article below, originally published on GovCyberHub explores the reasons that educational institutions have been prime targets for cybercriminals and what EdTech leaders can do to become more secure and resilient in the face of on-going attacks.
We already know that cybercriminals have seized on the global COVID-19 pandemic as a sterling business opportunity. They have launched record-breaking numbers of DDoS attacks over the course of 2020, targeting lynchpin services such as financial services, Internet Service Providers (ISPs), communications service providers, and healthcare organizations with targeted DDoS extortion campaigns.
Now it appears that educational institutions are also disproportionately under attack.
A recent alert from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned of numerous reports from K-12 educational institutions about the disruption of distance learning efforts by cyber actors using ransomware, DDoS attacks, and video conference disruptions.

Remote learning is a vital lifeline to pandemic education, making it a clear target for malicious threat actors. Indeed, according to MS-ISAC data, ransomware attacks on K-12 schools spiked as the 2020 school year began. In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared with 28% of all reported ransomware incidents from January through July. The alert noted that “adopting tactics previously leveraged against business and industry, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom.”
DDoS attacks against K-12 educational systems also rose, including third-party services that support distance learning. A DDoS attack occurs when cybercriminals or students overwhelm a network with hundreds of thousands of unnecessary requests or with traffic from a multitude and variety of sources, preventing legitimate application requests from being fulfilled and rendering the network, its services, and its applications unavailable.
A six-month review of worldwide education networks for DDoS activity by the NETSCOUT ATLAS Security Engineering and Response Team (ASERT) showed an increase of 25 percent this year over 2019—so far. Additionally, findings from the NETSCOUT Threat Intelligence Report 1H 2020 saw attacks against educational services grow 13 percent across the United States.
We expect heightened DDoS and ransomware attacks on our schools for the foreseeable future. And where are four reasons why:
• Ease of access due to the connectivity mission of schools, combined with the additional network traffic and expanded threat surface from students learning at home.
• The potential cache of valuable information that can be attained from the systems that universities and schools are required to run.
• The lure of the variety and volume of devices connected to these networks that can be employed for nefarious activities.
• The low bar to entry that makes it easy to launch a DDoS attack via do-it-yourself DDoS attack tools and DDoS-for-hire services.
Understanding this should be the motivation behind analyzing what your institution currently has in place to stop potential attacks, what you need to protect, and what you may be missing. The most important factor is to analyze whether you have the expertise in-house to implement an effective strategy, or whether looking for outside help is a better defense.
Click HERE to download a complimentary copy of the NETSCOUT 1H 2020 Threat Intelligence Report.