What School Leaders Need To Know About Organized Cybercrime

Republished By Plato

Followers: 0

Cyberattacks against K-12 schools continue to climb in both number and scale. Such attacks can have serious repercussions; according to a recent report from the Government Accountability Office, “officials from state and local entities reported that the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time ranged from two to nine months.”

These attacks aren’t just being carried out by disgruntled students or “lone wolf” types. Increasingly, schools are becoming targets of organized cybercrime organizations. The FBI, CISA and the MS-ISAC issued warnings at the start of this school year, anticipating attacks may increase as criminal ransomware groups perceive opportunities for successful attack.

The rise of Ransomware-as-a-Service

Many of the recent prominent attacks against schools have been perpetrated by organized crime – and they’re often using what’s known as Ransomware-as-a-Service (RaaS). This is a subscription-based model that allows partners (affiliates) to use ransomware tools that someone else has already developed. The affiliates earn a percentage of the profits if the attack is successful, so there’s plenty of incentive. RaaS makes it easier to pull off more attacks more quickly, which has made it very popular.

Recent research found that ransomware threats remained at peak levels in the latter half of 2022 – with new variants being enabled by RaaS. In 2022, 82 percent of financially motivated cybercrime involved the employment of ransomware or malicious scripts. And not only are bad actors continuing to introduce new strains of ransomware, but they’re also upgrading, modifying, and reusing old ones. The result: Attacks that are more complex and damaging. RaaS appears to be the driving force behind it all.

RaaS is an indicator of what’s to come

The dark web is starting to host an increasing number of additional attack vectors as a service, and this will significantly increase the availability of what’s known as

Cybercrime-as-a-Service (CaaS). It includes new criminal strategies, such as the sale of access to already-compromised targets, will develop in addition to the sale of ransomware and other malware-as-a-service offers.

Bob Turner, Field CISO for Education, Fortinet

Bob Turner has years of experience as a higher education executive, board member, and thought leader with a focus on cybersecurity strategy and leadership, information assurance and business continuity planning, and information technology management. At Fortinet, he is the CISO for K-12 and higher education acting as a senior level strategic business and technical advisor for the cybersecurity community and business executives. Previously, Turner was a cybersecurity executive and Director of the Office of Cybersecurity reporting to the Chief Information Officer/Vice Provost for Information Technology at the University of Wisconsin at Madison. There, he built a cybersecurity team of 60+ cybersecurity experts delivering all cybersecurity services as well as improved university IT policy development by working with distributed IT and faculty governance groups to ensure cohesive approach to IT policy, governance, audit, and cybersecurity operations.

Latest posts by eSchool Media Contributors (see all)