Over Labor Day weekend in the U.S., a ransomware attack hit the Los Angeles Unified School District (LAUSD), temporarily shutting down its computer systems, applications, and email. LAUSD is the second-largest school district in the U.S. and enrolls more than 640,000 students.
After the attack was confirmed, LAUSD sought assistance from the nation’s top law enforcement agencies, such as the FBI and DHS CISA, to investigate the incident and implement a rapid response protocol. Despite the breach causing “significant disruption” to the school district’s IT infrastructure, schools were able to open on Tuesday, September 6th, the day after Labor Day.
“This was an act of cowardice,” said Nick Melvoin, the school board vice president. “A criminal act against kids, against their teachers and against an education system.”
Within days of the LAUSD attack, federal authorities issued a joint cybersecurity advisory warning of potential ransomware attacks by the criminal extortion gang, Vice Society, which is said to be “disproportionately targeting the education sector.”
The attack on LAUSD signals the growing threat of cyberattacks in the education sector. According to the State of Ransomware in Education 2022 report, 56% of lower education organizations and 64% of higher education organizations surveyed reported being hit by ransomware in the last year. This observation is also substantiated by a recent report from Check Point, which found that the education/research space has seen a 114% increase in cyberattacks in the last two years.
Cyberattacks on schools can have devastating effects. Schools typically rely on IT systems to run transportation, control safety and emergency mechanisms, access the personal information of students, and support student learning. Cyberattacks on these essential systems can disrupt processes, close down schools for days at a stretch, and create widespread chaos.
In addition to these risks, cyberattacks can also cause significant financial losses to already underfunded schools. For example, the estimated cost of the ransomware attack on the computer servers of a Baltimore City school in 2019 was as high as $18 million!
In the case of LAUSD, while officials have yet to reveal the cause of the attack, several reports suggested that login credentials for accounts within the school district’s network were offered on the dark web in the months leading up to it. At least 23 sets of login credentials belonging to people working for and with the District were exposed. The credentials included passwords that were as simple as “french-fries.” It is possible that at least one set of these credentials helped threat actors infiltrate the District’s VPN and install ransomware.
To contain potential damage, the District reset passwords for more than 53,000 students and 70,000 employees, rendering virtual learning hubs and other critical applications inaccessible and creating further confusion.
VPNs are becoming a popular threat vector among ransomware actors, as VPN authentication predominantly involves passwords. Passwords come with inherent vulnerabilities, and weak or reused passwords are easy to crack. One of the best ways to mitigate password-related threats and secure VPN connections is to implement strong multi-factor authentication (MFA).
Public Key Infrastructure (PKI) offers a secure and reliable framework for implementing password-less MFA for VPNs. PKI replaces passwords with digital certificates and keys, and removes the need for users to intervene in the authentication process. As certificates and keys rely on cryptography and never leave the user’s system, they are significantly more secure to use than passwords.
Implementing password-less MFA adds a layer of security for VPNs, making it difficult for malicious actors to gain network access. In doing so, it also helps schools protect student data and critical operations from being compromised.
Another security challenge that PKI can help schools address is device authentication. As schools adopt new technology to facilitate digital learning, there has been an upsurge in the number of mobile devices connecting to school networks. Apart from school-managed devices, there are also several student-owned personal devices accessing the network, which has dramatically expanded the attack surface, making it difficult for schools to secure their environments.
PKI helps mitigate this threat through strong device authentication. It authenticates both the user and the device by provisioning each with a unique identity in the form of a digital certificate. These certificates serve as access cards for the network and help ensure that only authorized devices and users are allowed network access, regardless of their location.
In addition to strong authentication, PKI also helps secure mobile email communications with end-to-end data encryption. PKI allows users to encrypt email communications to protect the confidentiality and integrity of data being shared. Encrypting email ensures data is protected both at rest and in transit, preventing malicious actors from intercepting or altering messages, even when the device gets stolen or hacked.
Given the large volumes of sensitive student data that schools store and process, cyberattacks on K-12 institutions are expected to increase as the new academic year begins. The attack on LAUSD should serve as a wake-up call for all schools to take immediate action towards hardening their security systems. Implementing PKI can be one of the first steps in this direction as schools strive to become cyber resilient.
If this spurs you to action, check out AppViewX CERT+, a turnkey solution for all enterprise PKI needs. It helps discover, monitor, analyze, orchestrate and fully automate certificate lifecycle management and key management solutions to prevent data breaches and application outages. It not only simplifies enterprise PKI management but also bolsters the security posture.