Public School Cyberattacks are a Wake-up Call


In the past month, just as K-12 students begin a new school year, several school districts across the United States experienced various forms of cyber-attack. Some were ransomware attacks, others resulted data breaches, and several were Distributed Denial of service (DDoS) attacks.

Cybercriminals do not always attack their targets directly; they may focus on an upstream Service Provider, or other third-party supplier, as was the case last week when a DDoS attack on a web filtering software company disrupted connectivity for the Pickens County School District in South Carolina. Such attacks are even more frustrating during the current COVID pandemic, because so many students and teachers completely or partially depend upon online technology for remote learning.

One of the most noteworthy incidents was a series of twelve DDoS attacks on the Miami-Dade public school system’s IT infrastructure and distance learning platform, all occurring since the new 2020-2021 school year began. Those attacks alone forced the cancelation of online classes for around 200,000 students. As is often the case with cyber-attacks on education establishments, investigators quickly discovered that at least eight of the attacks were launched by a 16-year-old male student at South Miami Senior High School, who was subsequently arrested on September 3. Investigators are reportedly working to find out if other offenders also launched some of the attacks. According to The Hill, the investigation involved the FBI, the Secret Service, and the and the Florida Department of Law Enforcement.

Observers can learn several things from the Miami-Dade attack. First of all, it doesn’t take much effort, or money, to launch a devastating DDoS attack. In fact, it’s quite likely he simply used a DDoS for hire service to conduct the attack, which can be bought on the Dark Web for as little as a few tens of dollars. Secondly, cybercrimes can consume a lot of resources to investigate; using federal and state agencies is no trivial cost to taxpayers. Thirdly, judging by how quickly investigators traced the source of the attack to his IP address, it’s apparent that the suspect was not very sophisticated in covering his cyber-tracks, in the way many cybercriminals are. And, lastly, but not least, this attack is a wake-up call for school systems to evaluate and strengthen their cyber defenses, because there will undoubtedly be copycats eager to create similar levels of disruption, especially while classes are being conducted online due to COVID lockdowns.

If the perpetrators’ goal was to disrupt the school system, then the volumetric DDoS attacks they  chose to use were clearly successful. Bear in mind, however, that other cybercriminals may be stealthier in their attack methods; as their ultimate purpose may be a data breach or ransomware infiltration.  In these cases, they may use a smaller sub-saturating DDoS attack to distract IT security analysts. Public school systems may not have the luxury of large IT security teams, but they can easily, and cost-effectively, outsource their DDoS protection to their ISP or hosting provider.

DDoS attacks are just one of many cyber threats, but they are now one of the most common and least expensive weapons that cybercriminals have in their arsenals. They are also one of the most disruptive forms of attack, especially at a time when much of the world is learning and working remotely and is highly reliant on the availability of Internet services and connections.

For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s diverse deployment models, click here.  If you’d like to learn more, please contact us.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry, to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s previous roles include network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.