Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

Dec 22, 20

Cyber Security Advisory

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Multi-State Information Sharing and Analysis Center (MS-ISAC), have joined forces to assess malicious cyber-attacks that are targeting kindergarten through twelfth grade (K-12) educational institutions.

They have found that threats to K-12 schools include ransomware, malware, distributed denial-of-service attacks, and video conference disruptions. To learn more about these threats, read the whitepaper coauthored by the FBI, CISA, and MS-ISAC.

These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.

How To Protect Your District
In their whitepaper, the FBI, CISA, and MS-ISAC recommend that districts take the following steps against cyber threats.

Plans and Policies

Review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by cyber actors.

Network Best Practices

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for educational institution-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multi-factor authentication where possible.
  • Disable unused remote access/RDP ports and monitor remote access/RDP logs.
  • Implement application and remote access listing to only allow systems to execute programs known and permitted by the established security policy.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
  • Audit logs to ensure new accounts are legitimate.
  • Scan for open or listening ports and mediate those that are not needed.
  • Identify critical assets such as student database servers and distance learning infrastructure; create backups of these systems and house the backups offline from the network.
  • Implement network segmentation. Sensitive data should not reside on the same server and network segment as the email environment.
  • Set antivirus and anti-malware solutions to automatically update; conduct regular scans.

User Awareness Best Practices

  • Focus on awareness and training. Because end users are targeted, make employees and students aware of the threats—such as ransomware and phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
  • Ensure employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.
  • Monitor privacy settings and information available on social networking sites.

Ransomware Best Practices

  • Regularly back up data, air gap, and password protect backup copies offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.
  • Report ransomware incidents to your local FBI field office.

Denial-of-Service Best Practices

  • Consider enrolling in a denial-of-service mitigation service that detects abnormal traffic flows and redirects traffic away from your network.
  • Create a partnership with your local internet service provider (ISP) prior to an event and work with your ISP to control network traffic attacking your network during an event.
  • Configure network firewalls to block unauthorized IP addresses and disable port forwarding.

Video-Conferencing Best Practices

  • Ensure participants use the most updated version of remote access/meeting applications.
  • Require passwords for session access.
  • Encourage students to avoid sharing passwords or meeting codes.
  • Establish a vetting process to identify participants as they arrive, such as a waiting room.
  • Establish policies to require participants to sign in using true names rather than aliases.
  • Ensure only the host controls screen-sharing privileges.
  • Implement a policy to prevent participants from entering rooms prior to host arrival and to prevent the host from exiting prior to the departure of all participants.

Read the full
whitepaper coauthored by the FBI, CISA, and MS-ISAC.

You can trust that your private information is protected with WSIPC and our vendors. Visit our Data Privacy page to learn about our data privacy and security policies and procedures.

is a non-profit cooperative that provides technology solutions (including Skyward), services, and support to K-12 schools. WSIPC’s purpose is to help schools do more with every dollar and to empower them with the tools to work smarter. To learn how your district can become part of the WSIPC Cooperative, contact us at or 425.349.6600.

WSIPC. Inspired by education. Empowered by technology.TM