LIVE @ ISTE 2024: Exclusive Coverage

Increasingly, schools are becoming targets of organized cybercrime organizations, and federal groups urge caution

What school leaders need to know about organized cybercrime

Increasingly, schools are becoming targets of organized cybercrime organizations, and federal groups urge caution

Cyberattacks against K-12 schools continue to climb in both number and scale. Such attacks can have serious repercussions; according to a recent report from the Government Accountability Office, “officials from state and local entities reported that the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time ranged from two to nine months.”

These attacks aren’t just being carried out by disgruntled students or “lone wolf” types. Increasingly, schools are becoming targets of organized cybercrime organizations. The FBI, CISA and the MS-ISAC issued warnings at the start of this school year, anticipating attacks may increase as criminal ransomware groups perceive opportunities for successful attack.

The rise of Ransomware-as-a-Service

Many of the recent prominent attacks against schools have been perpetrated by organized crime – and they’re often using what’s known as Ransomware-as-a-Service (RaaS). This is a subscription-based model that allows partners (affiliates) to use ransomware tools that someone else has already developed. The affiliates earn a percentage of the profits if the attack is successful, so there’s plenty of incentive. RaaS makes it easier to pull off more attacks more quickly, which has made it very popular.

Recent research found that ransomware threats remained at peak levels in the latter half of 2022 – with new variants being enabled by RaaS. In 2022, 82 percent of financially motivated cybercrime involved the employment of ransomware or malicious scripts. And not only are bad actors continuing to introduce new strains of ransomware, but they’re also upgrading, modifying, and reusing old ones. The result: Attacks that are more complex and damaging. RaaS appears to be the driving force behind it all.

RaaS is an indicator of what’s to come

The dark web is starting to host an increasing number of additional attack vectors as a service, and this will significantly increase the availability of what’s known as

Cybercrime-as-a-Service (CaaS). It includes new criminal strategies, such as the sale of access to already-compromised targets, will develop in addition to the sale of ransomware and other malware-as-a-service offers.

This business model is highly appealing to bad actors because it enables them to simply take advantage of turnkey, subscription-based products without having to spend the time and money up front to create their own special attack strategy. And that makes it especially attractive for would-be attackers with limited skills.

And for experienced attackers, offering attack portfolios as a service provides a straightforward, fast, and recurring income. Additionally, bad actors will start using novel attack methods like deepfakes, making these audio and video recordings and associated algorithms more widely available for purchase.

How to bolster defenses

Two issues must be addressed in order to best protect these systems and data: the widespread acceptance of information security training and the bolstering of network defenses.

One of the most important defense tactics for preventing this oncoming wave of attacks is cybersecurity education. While many school districts already provide their employees with basic security training, they should consider expanding these offerings further. All employees within a district should be given some level of security training, not just those who work in the IT department.

As security leaders in education examine their priorities for coming months, they must  addmust add new training focused on how to identify emerging risks. It also makes sense to consider organizing tactical training sessions that are based on real-world circumstances.

In terms of bolstering network defenses, next-generation firewalls can play a major role.

The security parameters for a traditional firewall are based on state, port and protocol, and they are focused on a stateful inspection of network traffic entering or leaving the network. However, by examining the behavior of the applications themselves, next-gen firewalls go beyond the restrictions of conventional connection-based traffic analysis.

With the aid of this currently available technology, numerous security functions, such as web filtering or intrusion prevention, can be combined with traffic inspection by application and behavior. In addition, current technological developments enable automation that reduces the time required to find and halt intrusions, giving technical employees more time to focus on other crucial security controls.

Right now, basic firewall services are covered by the FCC’s E-rate program, which offers significant reductions for school internet connections and telecommunications equipment. There’s been a major push for access to more robust network security measures; industry and education groups have called upon the FCC to update its E-rate qualified services list to include next-generation firewalls. This would help school districts buy the tools needed to more effectively secure the private information of students, instructors, and staff. And it’s key in defending school networks. A public comment period on the proposal is currently open, with comments being accepted through the end of March.

Fighting back

Cybercrime as a Service (CaaS) and Ransomware as a Service (RaaS) are on the rise, enabling bad actors to do more damage at scale far more quickly and with fewer resources. According to recent data, in the second half of 2022, the top five ransomware families accounted for roughly 37 percent of all ransomware. GandCrab, a RaaS malware introduced in 2018, topped the list. The K-12 sector isn’t immune; in fact, we’ve seen several attacks against school districts in recent months that are linked to cybercrime organizations. Bad actors know that schools often lack the budget to fully protect their sensitive digital assets.

However, schools are not helpless here. With ongoing cybersecurity training for employees and stronger network defenses, they will stand a better chance of defeating their ever-present cyber foes.

Strategies to help IT leaders combat imminent cyberattacks
Could nearly half of cybersecurity leaders leave their roles by 2025?

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Latest posts by eSchool Media Contributors (see all)

Want to share a great resource? Let us know at

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.