Lawmakers Alerted of Cyber Attacks Targeting K-12 Schools | Eastern North Carolina Now

    Publisher's note: The author of this post is Lindsay Marchello, who is an associate editor for the Carolina Journal, John Hood Publisher.

Hackers use emails and fake identities to infect school computer networks, personnel files


    Cyber attackers are increasingly targeting K-12 schools, leading to an urgent need for more cyber security, says Phil Emer, director of Technology Planning and Policy at the N.C. State University Friday Institute.

    Emer informed legislators on the growing threat during a Joint Legislative Education Oversight Committee meeting Tuesday, March 6.

    "Schools are actually getting targeted specifically now," Emer said. "Not only have North Carolina schools been targeted, but a lot of municipalities and counties in the state have been targeted."

    In December 2016, the Department of Public Instruction released a report on cyber security, which shows most school districts aren't prepared for a cyber attack. Smaller school districts and charter schools are particularly vulnerable.

    The School Connectivity Initiative, which aimed to provide internet access to schools, was amended in the 2017 budget to include cyber security. The amendment tells the State Board of Education and DPI to work with the Friday Institute to assess cyber threats and provide cyber security training.

    Emer said the expansion includes continuous monitoring and risk assessments, security advisory and consulting services, and security training. Funding for continuous monitoring and risk assessments adds up to $200,000 for each year of the biennium.

    "We have seen repeated malware attacks and continuous reinfections," Emer said. "A number of devices in a school district will become compromised, they'll detect them and clean them, and then immediately or almost immediately they will get reinfected."

    Emer said dealing with malware infections can be costly and take up a significant amount of time, but practicing better cyber hygiene could prevent these infections.

    Cyber attacks come in many forms including ransomware attacks, phishing email scams, and session hijacking. Another form of attack, denial of service, happens when an attacker prevents the legitimate use of a website through a bombardment of fake requests.

    "There are students in North Carolina who have gone on to websites and have bought a denial of service to attack their own school during a test day," Emer said. "But beyond all, the entry point for virtually all of the risk and all of the hacks tends to be email."

    Emer said emails are primarily used because they are cheap, and it's relatively easy to get people to click on a link in an email. Hackers use fake links to get behind corporate firewalls or other security measures to gain access to passwords and other devices in the system. Phishing emails can look like they are from Netflix, UPS, or Bank of America, when in fact they are a scam to gain sensitive information.

    In North Carolina, CFOs and school accountants have been getting emails from people masquerading as superintendents. These hackers establish a conversation first and then ask for the federal W-2 forms for employees at certain schools. Emer said at least one school district fell for this ploy last year.

    "They are getting very sophisticated," Emer warned. "This was a very targeted attack."

    Emer said that security services are provided through SCI, but school districts and charter schools need more assistance to protect from and respond to cyber attacks.

    Other possible preventative steps include using cloud-based services to reduce exposure to cyber threats and closely monitoring networks and systems.
Go Back


Leave a Guest Comment

Your Name or Alias
Your Email Address ( your email address will not be published)
Enter Your Comment ( no code or urls allowed, text only please )




State Licensing Board Relents, lets Makeup Schools Operate Without a License Carolina Journal, Editorials, Op-Ed & Politics The Right to Earn a Living Act: Licensing Should Serve a Legitimate Public Purpose


HbAD0

Latest Op-Ed & Politics

Goldman Sachs recently informed its clients that it expects home values to tank in four major markets across the U.S. amid worsening economic conditions.

HbAD1

REAL Definition The Left Doesn’t Want You To See
After getting into yet another public spat with ChatGPT, Representative Alexandria Ocasio-Cortez has accused the program of wanting to date her.
Former Trump administration official Mike Pompeo accused Rep. Adam Schiff (D-CA) of leaking classified information.
A unanimous N.C. Court of Appeals panel has ruled that University of North Carolina System students cannot sue for partial refunds of tuition and fees paid for the spring 2020 semester.
Meta announced Wednesday it will end former President Trump’s suspension from Facebook and Instagram, saying the penalty imposed after January 6 was “an extraordinary decision taken in extraordinary circumstances,” and sternly pledging to enforce “certain guardrails” on Trump in the future.

HbAD2

Members of Cornerstone Calvary Community Congregation City Church were in for a shock this past Sunday as they were greeted at the doors to the church by an army of state-of-the-art robo-greeters.

HbAD3

 
Back to Top