Why Should Schools Prioritize Cybersecurity?

Updated on Sep 21, 2022

Among all the sectors under threat from cyberattacks, education has the most serious challenges to overcome. Lack of resources and funding, combined with the usage of legacy systems, enables attackers to disrupt the day-to-day operations of schools while stealing valuable information from school networks to ransom them for amounts that the schools could ill afford.

Ransomware incidents cause significant damage in terms of finances, reputation, and data security. In 2021, US schools lost $3.56 billion due to ransomware attacks; in two cases, it led to the permanent closure of two educational institutions.

In this blog, we provide a snapshot of how Securin is helping schools gain resilience against cyberattacks and evolving threats, while highlighting what schools can do to stay safe from ransomware attacks.

How Securin is Helping a US State School District Improve Its Security Posture

Here are the results of an assessment that Securin conducted for a US state’s educational department.


We investigated 188 district and charter schools for the state and scanned 1172 assets. Here is what we found: Among the 1172 assets discovered, there were 2221 findings with 519 unique vulnerabilities.

Weaponized Vulnerabilities: We also found that 374 vulnerabilities were weaponized and could be exploited by attackers to gain access to school systems and steal data.

Based on our AI and ML-based predictive analysis, Securin’s researchers warn that 78 (17%) of the existing vulnerabilities will most likely be exploited by malicious actors and must be remediated immediately.


RCE/PE Vulnerabilities: We identified and prioritized 33 RCE/PE vulnerabilities that need to be immediately remediated, as they allow hackers to remotely execute malicious code. If left unchecked, data and access losses will be imminent.

Ransomware-Associated Vulnerabilities: Three of the district schools have vulnerabilities with known ransomware exploitation instances:

  • CVE 2019-11043 is associated with NextCry ransomware. This ransomware encrypts files on the NextCloud servers. This is a trending PHP CVE that has the maximum possibility of exploitation in schools and NAS devices. Our recommendation to schools was to upgrade to PHP version 7.3.11 and to remediate the vulnerability immediately.

  • CVE-2021-34473 is associated with LockFile, BlackByte, and Conti ransomware groups. Our research also shows that the Conti and LockFile groups are actively being deployed by APT groups, such as Wizard Spider, Exotic Lily, and DEV-0401 to attack prominent organizations.

  • CVE-2018-19943, a command injection vulnerability, and CVE-2018-19949 are associated with eCh0raix ransomware.

Vulnerabilities on CISA’s KEV List: 374 of the discovered vulnerabilities are on the CISA-KEV list, which is a list of vulnerabilities with known instances of exploitation.

Vulnerability Aging: 22% of the vulnerabilities could potentially be present in systems since 2001 (based on the vulnerability age). This extremely dangerous as there are many attack methodologies readily available, which would have been refined over the years. Interestingly, 45% of the exploits have cropped up in the last six years.

As a result of Securin’s asset scan and exposure prioritization, 30 out of 74 schools performed remediation on open weaponized vulnerabilities and improved their security posture.

Four Overlooked Exposures That Schools Should Look For

A cyberattack can result from multiple exposures introduced into organizational attack surfaces. However, these can easily be discovered if you know how to search. Let us look at some of the possible attack methods utilized in recent years.

  • Unpatched Vulnerabilities: The Pysa and Sabbath ransomware groups were among those that exploited unpatched vulnerabilities in school networks to seize their systems.

  • Connected Devices: Malicious actors take advantage of connected devices to deploy botnets and malware and stealthily invade networks.

    • Devices were exposed to an SSH server targeted by FritzFrog in a P2P botnet attack.

    • The APT group, Sparkling Goblin, adopted a new backdoor technique called SideWalk to penetrate cybersecurity defenses of multiple targets, including educational institutions.

  • Exposures in Third-Party Software: This is probably one of the most overlooked dangers that can compromise school networks. A vulnerability in a third-party application used by schools can lead to educational institutions being caught unawares when exploited. Here are a few examples of how these can be used against organizations.

    • CVE-2022-1609, a critical vulnerability was observed in School Management Pro, a WordPress plugin with over 3,40,000 customers—exploitation of which could allow complete control of school websites.

    • A breach of Illuminate’s eduCLIMBER, an academic progress monitoring tool, exposed the personal data of 1700 students. Earlier, the New York City Department of Education was also impacted by the breach exposing data of 820,000 current and former students and was touted to be the single-largest data breach of student data.

    • Approximately 30,000 WordPress-hosted university websites in Ukraine were hacked as part of the Russian-Ukrainian war; nearly 100,000 attacks in 24 hours.

    • A ransomware attack on a leading school website services provider disrupted servers and the regular functioning of thousands of schools using the SaaS provider.

    • Critical zero-day vulnerabilities were found in Fedena, a now-abandoned software used for school management.

    • Personal information of around 500,00 students and 60,000 staff in Chicago Public Schools was stolen in a ransomware attack on the K-12 technology vendor, Battelle for Kids.

  • Exposures Introduced by Misconfigurations: Mistakes while configuring assets or network-related parameters can be costly, as some schools found out when their databases were compromised.

    • Misconfigured certificates in eduroam, a free Wi-Fi network used by many universities, exposed the credentials of multiple users.

  • A data leak due to incorrect access configuration allowed access to a Google drive containing the private information of 3000 students and 100 department employees across New York City.

While the above list is by no means complete, it gives us a good idea of the number of exposures in school networks.

Current State of Cybersecurity in US Schools

Even while we worked with the above-mentioned US state school, attacks on prominent public schools and colleges kept occurring.

Time Period





September 2022 LAUSD Los Angeles Ransomware Attack Vice Society, a ransomware group, claimed to have stolen files from compromised LAUSD systems before encrypting them with ransomware.
August 2022 Whitworth University Washington Ransomware Attack Whitworth University suffered a severe ransomware attack from the LockBit group. Personal data of students and staff were stolen in this attack.
July 2022 Cedar Rapids Schools Iowa Ransomware Attack Cedar Rapids had to pay a huge ransom to keep the personal data of staff and students from being exposed.

June 2022

Tenafly Public Schools

New Jersey

Ransomware Attack

NJ district public schools cancelled all final exams after their systems were encrypted by malicious agents.

December 2021 – May 2022

Lincoln College


Ransomware Attack

157-year-old college had to shut down

May 2022

North Orange County Community College District


Ransomware Attack

Data breach of 19,000 students and staff’ personal information

December 2021

Chicago Public Schools


Ransomware Attack

Personal information of around 500,00 students and 60000 staff stolen

October 2021

A US School district

Sabbath Ransomware Attack

Multi-million dollar ransom demanded along with triple extortion

September 2021

Lufkin Independent School District


Ransomware Attack

Several systems shut down, disrupting services

September 2021

Dallas Independent School District



Sensitive personal data of students exposed

August 2021

K-12 schools


Pysa Ransomware Attack

Eight schools hit

July 2021

Public Schools


Ransomware Attack

June 2021

Judson Independent School District


Ransomware Attack

Computer and communication systems were paralyzed

A look at the attacks listed shows that over 50% of these incidents spiralled quickly into full-fledged ransomware attacks. Research shows that in the US alone, over 1043 schools and colleges were subjected to 77 individual ransomware attacks in 2021. When a school is exposed to a ransomware attack, it has dire financial consequences, and data breaches that lead to the exposure of confidential information about students can lead to identity theft.

Our research also notes two threat actors: APT 1 (China-based cyber-espionage group) and Tilted Temple are targeting the education sector, primarily in the US.

Five Things That Schools Can Do to Safeguard Themselves

Schools are an easy target for cybercriminals because of the following reasons:

  • Abundance of sensitive information (social security numbers, medical files, family information, and academic records) left open to the internet

  • Not enough network defenses to safeguard data

  • No periodic checks to discover vulnerabilities

While many schools have been made examples with countless cyber attacks carried out against them, we do not see a proper response from the decision makers. It is high time authorities stepped up and took measures to curb attacks and the consequential impact on millions of students around the globe.

  1. Keep up to date with the K-12 Cybersecurity Act and other advisories.

  2. Implement CISA KEV and advisory patch recommendations sooner rather than later.

  3. Deploy adequate resources to monitor the security situation of schools regularly.

  4. Perform routine checks and apply remediation measures immediately. If possible, automate this process.

  5. Have a contingency plan for when your systems are under attack.

A penetration test helped the University of Kentucky discover a data breach that was the result of a vulnerability in a web-based portal developed by the university.

Securin provides various tools and services such as Attack Surface Management, VMaaS, Penetration Testing, and Ransomware Assessments to help protect organizations against various types of cyberattacks. You can reach out to us to understand the specific tools that would cater to your organization’s needs.

Share This Post On