Tag Archive for K12

| June 22, 2011
Comments Off on Teachers Highly Susceptible To Phishing Attacks

Teachers Highly Susceptible To Phishing Attacks

Teachers Highly Susceptible To Phishing Attacks Internet Security Awareness Training (ISAT) firm KnowBe4 has released new cybercrime statistics that identify Education as one of the most Phish-prone™ industry sectors. Education is the second most susceptible sector to cybercrime ploys. DarkReading reports the percentage of companies in each sector that responded to the phishing emails are:

  • Travel – 25%
  • Education – 22.92%
  • Financial Services – 22.69%
  • Government Services – 21.23%
  • IT Services – 20.44%

KnowBe4 founder and CEO Stu Sjouwerman told DarkReading,  “Our cybercrime statistics should serve as a wake-up call … Not only are these businesses at risk for financial loss through a cyberheist, but their susceptibility to phishing tactics could compromise sensitive customer data such as credit card, bank account, and social security numbers.

These findings are based on a recent phishing experiment KnowBe4 conducted among enterprises featured in the latest Inc. 500 and Inc. 5,000 listings.

rb-

Having worked in K12 for a number of years, I saw lots of teachers and a few superintendents get caught by phishing traps, They would then complain to me why they and their organization has entered SPAM jail and then needed me to hit SORBS.net to get the mail flowing again.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| August 28, 2010
Comments Off on New School Year Same Security Threats

New School Year Same Security Threats

New School Year Same Security Threats Another school year is starting up and security firm WatchGuard has a list of the top threat to school IT systems as classes start up again. Eric Aarrestad, Vice President at privately held WatchGuard Technologies says, “With so much at risk and so much to gain by cybercriminals, today’s campus is one of the most dangerous IT environments around.” He continues, “Unlike enterprise organizations that can throw substantial resources towards network and data protection, schools and universities are more constrained, yet they face some of the most demanding security challenges due to the dynamic interaction between students and their school’s IT resources.”

Top threats at school

WatchGuard’s top at school threats include:

watchguard_logoSocial Networks The security firm calls social networks, the number one threat to school and university networks is social networks, such as Facebook and MySpace. Unfortunately, social networks act as an ideal platform to launch a myriad of attacks against students and departments, including spam, viruses, malware, phishing, and more. Adding to this, socially engineered attacks are often extremely successful due to the “trusted” environment that social networks create.

Malware As students and teachers use the web for educational purposes, the Seattle-based firm company says many unwittingly expose themselves to drive-by downloads or corrupted websites, which inject malicious forms of software on their computers. Once infected, they risk becoming victims of identity theft or loss of personal information via spyware and keyloggers.

Viruses Today, email remains one of the primary ways of delivering viruses. According to the release, recent surveys suggest that 27 percent of users fail to keep their antivirus signatures which may, in any case, be unable to up stop the new generation of viruses with polymorphic properties.

Botnets The privately held security firm estimates that 15 to 20 percent of all school and university computers connected to the Internet are part of a botnet. As part of a botnet, school and university systems can be used in a variety of unknown exploits, including spam delivery, denial of service attacks, click-fraud, identity theft, and more.

Phishing scams continue to get more advanced and selective, with students being specifically targeted. WatchGuard claims that phishing attacks via social networks achieve a success rate of over 70 percent.

Hacking In a recent survey of education IT professionals, 23 percent ranked student hackers as one of their greatest threats to network security.

Access Control Usage of mobile devices and wireless access to education IT resources continues to plague network administrators. As the use of mobile devices escalates, schools will face increasing challenges in managing authorized network access according to the security vendor.

WatchGuard Technologies provides a variety of Internet security software and hardware products, including firewalls, virtual private network (VPN) appliances, and anti-virus applications under the XTM, XCS, and e-Series brands.

Related articles
  • The Science of Cyber Security (usnews.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| April 24, 2010
Comments Off on 9 Year Old Hacks School System

9 Year Old Hacks School System

9 Year Old Hacks School SystemComputerWorld reports that officials at Fairfax County Public Schools thought they had a hacker on their hands. It was reported that someone was changing teacher passwords on the Falls Church, Virginia, school district’s Blackboard system. Blackboard (BBBB) gives teachers, students, and parents a way to communicate and stay on top of homework assignments and class announcements over the Web. Blackboard’s website says more than 5,000 K-12 and higher-education institutions nationwide use its software.

Blackboard logoThe District contacted local authorities when teachers and staff members reported their passwords were changed preventing access to their accounts because according to ComputerWorld. Changes to content and enrollment information for some courses was also discovered. The local police investigated and pulled a search warrant for Cox Communications, the Washington Post reports. They traced the  IP address which accessed the Blackboard system to the McLean, Virginia physical address of the home of a 9-year-old student in Fairfax County Public Schools. The police initially suspected the student’s mother, but after interrogating both of them it became clear that the child was to blame.

Turns out that the Blackboard system was not hacked. The student had simply taken a teacher’s password from a desk and used it to change enrollment lists and other teachers’ passwords. “This was a case where an individual … got hold of a teacher’s password, and the passwords had administrative rights,” said Paul Regnier, a school board representative. “It was actually not a hack, unless you consider the 9-year-old took the teacher’s username and password from the desk a hack,” said Michael Stanton, Blackboard’s senior vice president of corporate affairs. Although there will be no criminal charges filed against the perpetrator, citing school policy, Regnier wouldn’t confirm that it is a student, the Fairfax school board is taking the incident seriously, Regnier said. “Nothing bad happened this time, but we have to make sure that … it doesn’t happen again,” he said.

rb-

TPassword on post ithis event correlated with the recent (04/14/2010) Tufin Technologies survey results of the hacking habits of 1,000 New York City teenagers. The survey found that 39% of the teens surveyed think hacking is “cool” and 16%, or roughly one in six, admitted to trying their hand at it. Only 15% of the entire sample has either been caught or knows someone who has – particularly disturbing considering 7% of young hackers reported they did so for money and 6% view it as a viable career path.

The big lesson here is, of course, SECURE YOUR PASSWORDS

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
| January 19, 2010
Comments Off on Zeus Raids School

Zeus Raids School

Zeus Raids SchoolA New York school district was a victim of an apparent Zeus trojan attack which appears to have netted nearly $500,000. InformationWeek is reporting that the FBI and New York State Police Cyber Crime and Critical Infrastructure Unit are investigating an attempt last month to steal about $3.8 million from the Duanesburg Central School District near Schenectady, New York.

According to the January 6 article, online thieves made a series of unauthorized funds transfers from the school district’s NBT Bank account to an overseas bank between December 18 and 22, 2009. The third transfer during this period was flagged as abnormal activity by the bank, which began blocking pending transactions after the school district confirmed the transfers had not been authorized. Working with foreign banks, NBT Bank recovered about $2.5 million out of $3 million stolen during the four-day period, but two previous unauthorized transactions were discovered.

Thanks to NBT Bank’s aggressive pursuit of the stolen funds, we are fortunate that the vast majority of the money has been recovered,” wrote Superintendent Christine Crowley in a letter on Monday to district parents and community members. “However, $497,200 of Duanesburg taxpayers’ money is still missing, and we are committed to doing everything in our power to recover the remaining funds.

The district website says, “At this time, we do not have any more information on how this happened and do not expect to have any more information to share until the investigation concludes.

Security researchers at Trusteer point out in a recent DarkReading article that Zeus is detected only 23 percent of the time by up-to-date anti-virus applications. The massive Zbot botnet is made up of 3.6 million PCs in the U.S., according to Damballa data  The malware steals users’ online financial credentials and moves them to a remote server, where it can inject HTML onto pages rendered by the victim’s browser to display its own content mimicking, for instance, a bank’s Web page.

Zeus’ infection rate is higher than that of any other financial Trojan. We are seeing actual fraud linked to Zeus — accounts being compromised, [and] money transferred from accounts of customers infected with Zeus,Mickey Boodaei, founder and CEO of Trusteer told DarkReading. “When we investigate some of our banking customers’ [machines infected by it], we find evidence of abuse on the computer, so we know this crime ring is very active and dangerous.

The security blog says that organizations can’t control the transmission vectors, which are increasingly social networking and/or webmail applications. Given the high degree of user trust and huge user populations, malware developers have been targeting social networks aggressively (webmail is a well-established transmission vector). Some of the threats come in the form of social network-specific threats (e.g., koobface, fbaction), but many times they’re re-using existing or older threats delivered in a new, hybrid way – exploiting the trust associated with social networks – which has given threats like Zeus a huge boost. If you can’t control the transmission vector, it’s much harder to manage the threat…especially when users click first, and think later.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
  Recent Entries »