Is Your School a “Soft Target”?

If you’re unfamiliar with the K-12 Cyber Incident Map, it’s a great interactive visualization of all the publicly reported cyber attacks on U.S. public schools and school districts since 2016, ranging from simple phishing scams to more disruptive denial-of-service attacks and other significant events that result in unauthorized access to or disclosure of student data. 2017 has already seen more disclosed events in its first half than in all of 2016 combined.

In this article from THE Journal, Doug Levin, founder and operator of the K-12 Cyber Incident Map, shares some lessons he has learned after aggregating this data, namely: “My sense is that as schools increase reliance on technology, [cybercriminals] are finding that schools are softer targets.”

Security is all about creating a safe computing environment for all users on all segments of your network. Make sure you invest enough time and energy ensuring your school district isn’t the next “soft target” for cyber criminals.

WannaCry? Not us!

By now, we’ve all heard of WannaCry – a ransomware attack that’s being called one of the worst cybersecurity attacks in history. But what have we learned?

WannaCry targeted a vulnerability found in the Microsoft Windows operating systems – from Vista all the way to Windows 10. And even though Microsoft issued a patch to fix this vulnerability back in March, many people and organizations failed to update.

Large organizations such as schools and hospitals often take longer to update their machines so that they can evaluate how these large-scale updates will impact their network and their help desk resources, but in doing so, they leave themselves open to attacks like this.

SafeConnect allows organizations to create OS patch level policies that automatically quarantine devices from the network if their operating system hasn’t recently been patched; it also allows administrators to block access for devices running older operating systems that no longer receive mainstream support. This would’ve helped networks that have endpoints running Windows XP or Windows 8 – versions for which Microsoft did not release fixes until after the attack had already started.

IoT and the ‘Weaponized’ Teddy Bear

This week at the International One Conference 2017 in the Netherlands, 11-year-old Reuben Paul and his teddy bear Bob showed how easily internet-enabled devices can be exploited to gain access to a network.

Using a Raspberry Pi, a tiny credit-card-sized computer, to scan for available Bluetooth devices in the conference hall, Reuben located and hacked into the teddy bear, which was WiFi connected, Bluetooth enabled and capable of receiving and transmitting messages. Then he used Python, a programming language, to turn on one of the lights in his toy and record a message from the audience.

The demonstration was meant to prove that anything connected to the IoT, even a toy, could be hacked into and used as a tool for illegitimate surveillance.

“From airplanes to automobiles, from smartphones to smart homes, anything or any toy can be part of the Internet of Things (IOT),” said the sixth grader, as reported by The Guardian.

All the more reason to know who and what is on your network!