Hackers have recently intensified their efforts to pilfer digital information pertaining to students, encompassing a wide array of sensitive data such as health records, attendance information, homework, grades, medical details, photos, disciplinary records, educational records, home communication information, assignments, and other assessment-related data. The value of these pilfered datasets can range from $10 to $120, contingent upon the sensitivity of the information contained.
In the year 2022 alone, an alarming 960 schools fell victim to various forms of cyberattacks, spanning across 45 districts. A report by Emsisoft revealed that data pertaining to over 2 million individuals was illicitly obtained from diverse data points within student management systems.
One common vulnerability exploited by hackers is misconfigured systems, providing an entry point into school computer networks. Additionally, students unknowingly divulge significant details about their private lives on social media and email accounts, serving as an inadvertent gateway for cybercriminals to infiltrate school networks through a student’s PC.
The modus operandi is deceptively simple – hackers deploy malicious links via email or messaging platforms, enticing recipients to click on the links with promises of financial gain. In some instances, threat actors impersonate acquaintances of the victim, coercing them into disclosing digital credentials such as passwords for Facebook, Twitter, or iCloud accounts. Subsequently, hackers not only gain access to the student’s personal life but also infiltrate the school network, accessing data restricted to staff, students, and parents.
The potential repercussions are concerning, ranging from a hacker threatening a child by manipulating their photos to engaging in identity theft for future malicious use.
To counteract these threats, it is imperative to raise awareness among students about the existing dangers. This involves adopting robust cybersecurity practices such as using a minimum 14-character password comprising a combination of alphabets, numbers, and symbols, maintaining stringent privacy settings on social media accounts, and refraining from accepting invitations from unknown numbers on messaging and social media platforms. Concurrently, educational institutions, including schools, colleges, and universities, should implement proactive measures and develop efficient incident response plans to mitigate such cybersecurity risks.
