School’s Offline

The use of DDoS attacks to threaten the availability of educational services is rife.


Online learning has been a big area of technology investment for educational institutions over the years, which has certainly paid off as the COVID-19 pandemic forced many schools to shift to a wholesale online learning environment. But that shift has also highlighted something that we at NETSCOUT have seen: While intellectual property remains a key target, the use of DDoS attacks to threaten the availability of educational services is rife.

DDoS Attacks by the Numbers

We saw 8.4 million DDoS attacks globally in 2019, and nearly 200,000 of them targeted Educational Services. Our monthly breakdowns by attack frequency and largest attacks by volume yielded several insights. (These details are available for review at NETSCOUT Cyber Threat Horizon, a free resource with live attack data.)

Monthly DDoS attack count seen against Educational Services in 2019 


Largest DDoS attack by volume seen against Educational Services in 2019 


  • The attack frequency maps clearly to the global educational calendar, with a large part of the world’s population taking breaks during the summer in the northern hemisphere. 
  • The types of attacks involved represent the full gamut of DDoS techniques, including new ones that first came to light in 2019. We reported on seven new attack vectors first observed in volume last year, demonstrating the level of innovation that is driving trends across the attack landscape.

Real-Life Reports

Outside of the data, we’ve had the opportunity to protect a few educational institutions against DDoS attacks worldwide and have come away with the following observations: 

  • The attacks we saw were timed to coincide with key examinations that were administered online. While we could thwart those specific attacks, it was clear to us that the attacker didn’t go away until that period of exams had concluded.
  • In more than one instance, the systems used to launch the attack involved computing resources from other educational institutions. This doesn’t necessarily mean that the attacker had anything to do with that other institution, but the computer and network capacity often present at educational institutions makes them attractive to use in attacks too.

Of course, students aren’t the only, or perhaps even the main, threat to educational systems. Nation-state actors have been targeting higher education for a long time, primarily with a view to stealing the intellectual property often uniquely present there. Just over a year ago, NETSCOUT reported on a campaign we called STOLEN PENCIL, in which suspected North Korean actors had gained persistent access to a range of universities and think tanks across North America.

Another cause for concern in the Educational Services world is the widespread proliferation of Internet-of-Things (IoT) devices. Colloquially, I take this to mean any non-standard computing device that connects to the network – think printers, IP-enabled video cameras, digital whiteboards, etc. These are often the basis for DDoS attacks worldwide today because of the poor security practices associated with many of them as well as the sheer volume at which they are being deployed. Our research has shown that the malware family called Mirai has been extended to cover an ever wider set of device types, greatly expanding the potential scale of attacks that involve these devices.

Given this, it’s fair to say that Educational Services have to be vigilant against the cybersecurity threat. Strong network segmentation, best-of-breed DDoS protection and continuous monitoring – these are critical ingredients to ensuring that such services can be delivered in a safe and consistent manner. 

Download the latest Threat Intelligence report for the latest research from NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT).

Modi is the area vice president, engineering, threat and mitigation products