1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

9/7/2020

0 Comments

Rise of Phishing and DDoS Attacks in the Education Sector

 
Rise of Phishing and DDoS Attacks in the Education Sector

Rise of Phishing and DDoS Attacks in the Education Sector

COVID-19 resulted in the temporary shutdown of schools and universities across the world. This has given rise to online classes, whereby classes are conducted remotely and on digital platforms.

As schools and universities across the world reopen, many opt for mixed physical and online classes, while some still opting for purely online classes. The shift to online classes, however, has opened a window for malicious actors to exploit.

The shift to online classes gives rise to phishing attacks and distributed denial of service (DDoS) attacks directed against the education sector.

Phishing Campaigns

Phishing is one of the oldest and popular forms of cybercrimes. In a phishing campaign, intended victims, whether targeted or random individuals, are tricked into clicking something leading to the stealing of data or the downloading of malicious software (malware).

Microsoft Security Intelligence has found that as of September 7, 2020, out of the nearly 8.7 million malware encounters reported in the last 30 days, 59.84% came from the education sector, making it the most affected sector.

In the report “Digital Education: The cyberrisks of the online classroom”, Kaspersky Lab said that attackers lure victims in downloading malware by bundling fake versions of popular video meeting apps and online course platforms as legitimate application installers. Victims encounter these fake video meeting apps and online course platform installers through phishing websites – referring to sites designed to look like legitimate websites supposedly for downloading popular video meeting apps and online course platform app installers.

Another way by which victims encounter these fake video meeting apps and online course platform installers is through phishing emails that masquerade as special offers or notifications. Downloading of the fake video meeting apps and online course platform installers either from phishing websites or phishing emails could lead to the installation and running of malicious software on the victim’s computer or stealing of sensitive data.

In April of this year, researchers at Check Point reported that in just a span of 3 weeks, nearly 2,500 new websites relating to the video conferencing app Zoom were registered. Out of these 2,500 new Zoom-related websites, 1.5% of these websites were found as malicious and the other 13% were found as suspicious. The researchers added that cybercriminals impersonated other video conferencing apps such as Microsoft Teams and Google Meet.

Researchers at Check Point reported that victims fell prey to phishing emails that came with the subject “You have been added to a team in Microsoft Teams“. The phishing emails contained a malicious website URL, which on the first glance looks similar to the legitimate Microsoft Teams URL. A double-check, however, of this URL shows that this URL is a fake one and victims who landed on this fake Microsoft Team site ended up downloading a malware.

Distributed Denial-of-Service (DDoS) Attacks

In a DDoS attack, a botnet – referring to a network of computers infected with self-propagating malware – is used by an attacker in overwhelming the target or its surrounding infrastructure with a flood of internet traffic. According to Kaspersky Lab, between January 2020 and June 2020, the number of DDoS attacks affecting the education sector increased by at least 350% when compared to the corresponding month in 2019.

Authorities recently arrested a 16-year-old in connection with a series of DDoS attacks on Miami-Dade County Public Schools that disrupted the district's first week of online classes. The teenager admitted to launching the DDoS attacks using Low Orbit Ion Cannon (LOIC).

LOIC is a decade-old application developed originally used for network stress testing. Since becoming an open-source application it has been used for malicious activities such as DDoS attacks. A successful DDoS attack using LOIC floods a target server with TCP, UDP, or HTTP packets with the goal of disrupting service.

A DDoS attack via LOIC uses IRC chat channels to run a “Hivemind” version of the LOIC. This allows a primary user of the IRC chat to control secondary computers, creating a botnet – referring to a network of computers controlled by the primary user for malicious activities such as DDoS.

LOIC was used in the past to launch DDoS attacks against Visa and MasterCard websites in response to the freezing of payments to WikiLeaks. The thing about using LOIC in launching DDoS attacks is that attackers are unable to hide their IP addresses, making it easy for authorities to track them down. Due to this IP address visibility, authorities in many countries have taken legal actions against DDoS attackers leveraging LOIC. 

Preventive and Mitigating Measures Against Phishing and DDoS Attacks

To stay safe from phishing attacks, be wary of clicking anything online as these could lead you to phishing sites. Also double-check URLs as a difference in one letter or character could lead you to a malicious site.

To stay safe against DDoS attacks, including DDoS attacks leveraging LOIC, use WAF, short for Web Application Firewall. WAF specifically provides strong protection against HTTP floods. As protection against TCP and UDP, use a dedicated DDoS protection.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit