[ad_1]
ALBUQUERQUENM (AP) — For teachers at a middle school in New Mexico’s largest city, the first sign of a widespread technology problem came during the early morning staff call.
The video featured cries of a new guardian for his hard work and typical announcements from managers and union rep. But there were hints of an impending crisis in the conversation. No one was able to open attendance records, and everyone was locked into class lists and grades.
Albuquerque Administrators later confirmed that the outage, which blocked access to the district’s student database, which included emergency contacts and lists of which adults were authorized to take which children, was caused by a ransomware attack.
“I didn’t realize how important it was until I couldn’t use it,” he said. Sarah Hagera Cleveland Middle School art teacher.
Cyberattacks, such as the one that canceled classes for two days in Albuquerque’s largest school district, have become a growing threat to US schools, with several high-profile incidents reported since last year. And the coronavirus pandemic has escalated its effects: More money has been demanded and more schools have had to close as they struggled to recover data and even manually wipe entire laptops.
“Almost no matter how you cut it, incidents have become both more frequent and more important,” said Doug Levin, director of K12 Security Information Exchange, a Virginia-based nonprofit that helps schools defend against cybersecurity risk.
Accurate data are hard to come by as most schools are not required to publicly report cyberattacks. But experts say public school systems, which often have limited budgets for cybersecurity expertise, have become an inviting target for ransomware gangs.
The pandemic has also forced schools to increasingly turn to virtual learning, making them more dependent on technology and more vulnerable to cyber blackmail. School systems whose education has been disrupted include those in Baltimore County and Miami-Dade County, and areas in New Jersey, Wisconsin, and elsewhere.
Levin’s group has tracked more than 1,200 cybersecurity incidents in public schools across the country since 2016. It included 209 ransomware attacks in which hackers lock data and charge to unlock it; 53 “denial of service” attacks in which attackers sabotage or slow down a network by forging server requests; 156 “Zoombombing” incidents where an unauthorized person intruded on a video call; and more than 110 phishing attacks where a deceptive message tricks a user into allowing a hacker to break into their network.
The latest attacks also come as schools grapple with many other pandemic-related challenges. Teachers get sick and there is no one else to protect them. Where there are strict virus testing protocols, there aren’t always tests or people to give them.
An attack on third-party software vendor Illuminate Education in New York City this month did not result in classes being canceled, but teachers in the city were unable to access grades. Local media reported that the cut added to the stress for educators already engaged in education by enforcing COVID-19 protocols and covering colleagues who are sick or in quarantine.
Albuquerque Superintendent Scott Elder said that bringing all students and staff online during the pandemic created additional ways for hackers to gain access to the district system. He cited this as a factor in the January 12 ransomware attack that canceled classes for nearly 75,000 students.
The cancellations, which Elder calls “cyber snow days,” gave technicians a five-day window to reset their databases over a holiday weekend.
Elder said there is no evidence that student information was obtained by hackers. He declined to say whether the district paid the ransom, but noted that if payment were made, it would be a “public process”.
hagerThe art teacher said the cyberattack has increased the stress on campus in ways that parents don’t see.
Fire drills were canceled because the fire alarms did not work. Intercoms stopped working.
When the positive test results came back, the nurses could not find which children were where. hager aforementioned. “So potentially there were students on campus who were probably sick.” Also, the attack appears to have permanently deleted several days of attendance records and notes.
Edupoint, its reseller Albuquerque‘s student knowledge database Synergy declined to comment.
Many schools choose to keep attacks private or release little information to avoid revealing additional weaknesses in their security systems.
“It’s very difficult for school districts to learn from each other because they don’t need to talk to each other about it because you can share vulnerabilities,” Elder said.
Last year, the FBI issued a warning about a group called the PYSA, or “Protect Your System Cheerleader,” saying the group has seen an increase in attacks on schools, colleges, and seminaries. Other ransomware gangs include Conti, who last year demanded $40 million from Broward County Public Schools, one of the largest in the country.
Most are Russian-speaking groups based in Eastern Europe with a safe haven from tolerant governments. Some post files on the dark web, including highly sensitive information, if they don’t get paid.
According to Brett Callow, a threat analyst at Emsisoft, attacks on larger areas made more headlines, while ransomware gangs tended to target smaller school districts in 2021 compared to 2020. He said this could indicate that larger regions are increasing cybersecurity spending, while smaller regions with less money are more vulnerable.
A few days after Christmas, Truth or Consequence with 1,285 students? Albuquerque, also shut down the Synergy student information system with a ransomware attack. Authorities likened it to the burglary of their homes.
“Just that feeling of helplessness, confusion as to why someone would do such a thing, because at the end of the day, that takes away from our kids. And to me that is a disgusting way of trying to make money,” said Inspector Channelll Segura.
The school did not have to cancel classes as the attack took place during the break, but the network is down, including the keyless entry locks on the schoolhouse doors. Segura said teachers still carry the physical keys they had to track down at the beginning of the year.
In October, President Joe Biden signed the K-12 Cybersecurity Act, which asks the federal cybersecurity agency to make recommendations on how to help school systems better protect themselves.
Far from supporting schools on cybersecurity, New Mexico lawmakers have been slow to expand internet use in the state. Last week, state representatives submitted a bill that would allocate $45 million to the state education department to create a cybersecurity program by 2027.
Ideas on how to prevent future hackers and recover from current attacks often require more work from teachers.
In the following days Albuquerque In the attack, parents debated on Facebook why schools couldn’t just switch to pen and paper for things like attendance and grades.
hager aforementioned he I even heard your criticisms him The mother is a retired school teacher.
“Mom, I said, ‘You can only take attendance on paper if you printed out the roster at the beginning’” hager aforementioned.
Teachers can also keep cheat sheets of all records – but that doubles the clerical work that has already bogged them down.
In an age where administrators are increasingly asking teachers to record everything digitally, hager “These systems should work,” he says.
___
Associated Press authors Michael Melia of Hartford, Connecticut and Alan Suderman of Richmond, Virginia contributed to this report.
___
Attanasio is a corps member of the Associated Press/Report for America Statehouse News Initiative. Report for America is a nonprofit national service program that places journalists in local newsrooms to report on confidential issues.
For more information, visit The Washington Times COVID-19 resource page.
[ad_2]
Source link