The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint warning that malicious cyber actors are targeting kindergarten through twelfth-grade (K-12) educational institutions. These actors are initiating ransomware attacks, data thefts, and general disruption of distance learning efforts. The agencies expect these attacks to continue through the 2020-21 academic year.

Among other things, cyber actors have launched ransomware attacks against school computer systems, rendering them inaccessible for distance learning and other basic functions. They have also stolen and threatened to leak confidential student data and personal information unless the institutions paid a ransom. In August and September 2020, 57 percent of ransomware incidents reported to MS-ISAC involved K-12 schools, compared to 28 percent of such incidents from January through July.

The joint report also notes that uninvited users have disrupted live videoconference classroom sessions in a manner similar to the “Zoom-bombing” that afflicted the early pandemic adoption of that platform. Such disruptions have included verbal harassment of participants and displaying pornography or violent images.

The agencies also warned that cyber actors could use distance learning to deploy phishing methods similar to those used against businesses. Such tactics involve tricking victims into revealing passwords, bank account numbers, or other personally identifiable information. They could also involve deceiving distance learners into performing a task, such as clicking a link that secretly downloads malware or purchasing gift cards for scammers.

As with businesses, the best defenses against these attacks remain the same. These defenses include:

  • Ensuring your software is up to date, with all the most recent patches and updates
  • Using multi-factor authentication wherever possible
  • Setting antivirus and anti-malware solutions to update automatically, to scan daily, and, where possible, to actively intercept threats
  • Ensuring users—whether educational system employees or students—know of the threats and how they are delivered
  • Ensuring users know how to react in the event of suspicious activity or a confirmed cyberattack
  • Backing up important data regularly

For more information regarding this article, please contact Sean Griffin.

For information regarding Dykema’s Privacy and Data Security Team, please contact Cindy Motley.



As part of our service to you, we regularly compile short reports on new and interesting developments and the issues the developments raise. Please recognize that these reports do not constitute legal advice and that we do not attempt to cover all such developments. Rules of certain state supreme courts may consider this advertising and require us to advise you of such designation. Your comments are always welcome. ©2020 Dykema Gossett PLLC.

Sean C. Griffin


Sean C. Griffin is a Member in the Washington, D.C. office of Dykema. Sean focuses his practice on commercial litigation, with a specialty in cases involving allegations of breach of contract or fraud. His experience includes litigating cases in federal and state courts and arbitration panels around the country. He also responds to subpoenas investigating violations of federal or state laws, including the False Claims Act, the U.S. Foreign Corrupt Practices Act (FCPA), and securities laws. Additionally, he assists clients with data security and responding to data breaches and is an IAPP Certified Information Privacy Professional (CIPP/US).

After graduating from Columbia University School of Law, Sean clerked for the U.S. District Court for the District of Maryland. After his clerkship, he worked as a trial attorney at the U.S. Department of Justice, Civil Division, where he handled commercial litigation trials and appeals as well as government contract and construction litigation.