- eSchool News - https://www.eschoolnews.com -

How to protect school district servers from overseas cybercriminals

Beginning on September 13th, the hacker group known as TheDarkOverLord Solutions, the same hackers that breached Netflix’s servers, breached a Montana school district’s server [1] and stole personal information including addresses and medical records. The hackers contacted school officials and families, making violent physical threats late on Wednesday the 13th and the following Thursday. Schools across the area were closed and extracurricular activities were cancelled from the 14th through the 19th due to the threats, affecting over 15,000 students. On Monday night, the sheriff’s department released a 7-page ransom letter [2] that was sent to the school board demanding a bitcoin payment to stop the threats and prevent the release of the stolen information. Law enforcement, including the FBI and other agencies, is working diligently to identify the whereabouts of the hackers and has encouraged recipients not to make contact with the hackers or pay the ransom.

While there is no imminent threat of real physical harm due to the believed overseas nature of the hacking group, what is most concerning is how easily the hackers were able to access the district’s servers–they shut down an entire community for multiple days and stole stockpiles of information on staff as well as past and current students.

The district has decided not to pay the ransom, so there is the potential for identity theft to occur if the hackers decide to release or sell the stolen personal information on the dark web. Details of exactly how the breach occurred have yet to be released; however, it is most likely to be part of a mass malware distribution that discovered a vulnerability in the small Montanan community and is now affecting the lives of hundreds who had their information stolen.

Educational institutions must be prepared for cyber attacks. Cyber criminals are increasingly sophisticated and are non-discriminatory in their target selection as long as they believe they can make a profit. To prepare for, and mitigate, the effects of cyber attacks, educational institutions must create a cybersecurity culture and focus on securing information, not perimeters.

Creating a Cybersecurity Culture

Cyber criminals seek out the easiest targets–those that lack cybersecurity awareness and have vulnerabilities such as an unprotected password. Therefore, many organizations can prevent cyber attacks through use of good cyber hygiene and the implementation of cybersecurity awareness.

Cyber hygiene is the practice of maintaining online safety. In organizations some steps to follow are:

It’s also important to practice cybersecurity awareness. The biggest cyber threat to an organization is its employees, as employees often lack cybersecurity awareness and training and fall victim to phishing schemes (increasingly the most common form of cyber attack). Phishing is when the cybercriminal sends out an email that includes a malicious file or link that, when downloaded, begins installing malware on the computer and can spread throughout the system.

Spearphishing is a more sophisticated form in which the hacker may spoof, or use an email address similar to, that of someone the victim knows and trusts, either to install malware or to make requests for information or money.

Phishing attacks are extremely effective on organizations that lack cybersecurity awareness. It is most likely that the Montana school district fell prey to a phishing attack that allowed hackers to access their servers and steal the personal information.

To increase cybersecurity awareness in your organization, consider the following:

Through cyber hygiene and awareness, an organization can severely decrease its chance of becoming the victim of a cyber attack. Don’t let your organization be an easy target.

Secure Information, Not Perimeters

Despite the best cyber hygiene and awareness, it is still possible that an intelligent and persistent cybercriminal may find their way into an organization. Organizations need to encrypt and back up all of their data, so that when a cybercriminal gains access they will not be able to steal anything of value.

Given the prevalence of phishing attacks and email hacking, organizations should also consider encrypting their emails. This will further protect sensitive information that is being exchanged through email and is not protected by the organization’s network encryption. Encrypted data is useless to cybercriminals because they can’t sell it or use it as leverage to get the organization to pay a ransom. When organizations have their data backed up, it also negates the need for them to pay cybercriminals a ransom to restore the stolen information.

When profit is removed from the equation, the cybercriminals lose motivation.