As kids head back to school, parents and teachers have been focused on school supplies, while cybercriminals have their eyes on the prize: targeting educational institutions for financial gain. The last two years have seen a marked increase in cyberattacks on schools and educational entities, primarily driven by ransomware threats and the sensitive data these institutions hold, necessitating enhanced security measures to mitigate risks.
Increasing ransomware attacks, expanded geographic targeting, and more sophisticated tactics indicate the threat to the education sector continues to grow. Ransomware attacks against K-12 schools and higher education institutions surged by 105% last year, with the total number of such incidents rising from 129 in 2022 to 265 in 2023. Higher education institutions specifically saw a 70% increase in attacks, from 68 incidents in 2022 to 116 in 2023. These figures only account for reported incidents where ransoms were not paid, suggesting that the actual number of attacks may be even higher. This highlights the vulnerability of educational institutions due to the sensitive personally identifiable information (PII) they manage. Notably, ransomware attacks on education spiked during the summer months last year prior to schools reopening for autumn.
Notable ransomware groups have significantly contributed to this increase. Five ransomware gangs were credited with 81% of 2023’s education ransomware attacks, including LockBit (60), Vice Society/Rhysida (44), CL0P (22), Medusa (17), and Akira (15). While most attacks were concentrated in the US, other countries like the UK, Australia, Germany, France, and Brazil were also affected. This broader scope indicates a growing global threat to educational institutions. Ransomware groups have also developed increasingly sophisticated tactics. Phishing attacks are a common method for gaining initial access, with groups like Rhysida using tools like Cobalt Strike to move laterally within compromised systems.
Recent instances indicate that attacks have continued to affect educational institutions this year. According to Abnormal security researchers, over 650,000 records from multiple educational institutions were compromised across multiple educational institutions in the last two months alone, with email addresses being the common targets in all breaches. This pattern points to a rise in targeted cyberattacks as schools prepare for the 2024 academic year.
These cyberattacks have caused substantial disruptions in educational operations, affecting the delivery of services and the safety of student information. The sensitive nature of the data held by educational institutions makes them attractive targets for cybercriminals. Experts stress the critical need for robust cybersecurity awareness and defenses in educational institutions to defend against ongoing attacks, as the education sector remains a prime target.