Why Education is the New Cybercrime Epicenter

As large enterprises continue to strengthen their security posture, we’ve seen a sustained shift toward attacks on so-called “soft targets.” These organizations are essential to the functioning of our society, but they also tend to be comparatively less secure and resilient due to inadequate staffing and resources. Unfortunately, this has made them highly attractive targets for cybercriminals.

While state and local governments once bore the brunt of these attacks, the huge increase in technology used by K-12 schools and universities during the pandemic has brought a corresponding rise in attacks on education customers.

SonicWall Data Shows an Industry Under Attack

And this trend shows up in our data time and again. In our Mid-Year Update to the 2023 SonicWall Cyber Threat Report, SonicWall identified a 2% decrease in malware overall—but a 179% increase in malware targeting education customers.

While this stat included a 42% decrease in malware attacks on higher education and an 80% decrease in attacks on other education customers, such as driving schools and exam and test prep, those gains were more than offset by a 466% increase in malware targeting K-12 schools.

Encrypted attacks on education also increased significantly, up 2,580% compared with this time in 2022. And while schools have scarcely been on the radar of cryptojackers in the past, the first six months of 2023 brought a staggering 320 times as many cryptojacking hits as in the first half of 2022.

This is a bigger danger to education customers than it may initially appear. Cryptojacking can decrease the speed of your network by nearly 70%, making it significantly harder for instructors to teach and for students to research, take exams and collaborate. The demands of illicit mining have also been known to tax devices to the point of overheating and even catching fire.

But even in cases where cryptojacking causes no immediately discernible catastrophic effect, that doesn’t mean it’s harmless. If an attacker has accessed your network, they could be exfiltrating customer data, stealing intellectual property or doing any number of other things that you aren’t seeing.

A Wider Trend

This uptick isn’t exclusive to SonicWall customers, however. According to CISA, the number of attacks on K-12 schools more than quadrupled between 2018 and 2021, from about 400 in 2018 to more than 1,300 in 2021. The Center for Internet Security found that by the end of 2021, nearly 1 in 3 U.S. school districts had been breached — while this is the most recent data currently available, this total is certainly much higher by now.

A report from the U.S. Government Accountability Office highlights the effects of such attacks. Its research found that cyberattacks on K-12 institutions resulted in a loss of learning ranging from 3 days to 3 weeks, with recovery time stretching from 2 to 9 months.

And while the U.S. may see the most cyberattacks on schools, these sorts of attacks are rising everywhere. A recent National Cyber Security Centre report found that nearly 80% of UK schools have experienced at least one type of cyber incident.

Schools generally don’t pay ransom demands, so why are so many researchers showing an uptick in these attacks compared with other “soft targets”? A lot of it has to do with data. While easily accessible staff and administrator PII data is attractive, it’s only part of the picture.

Many adults monitor their credit and quickly notice if a new account or large transaction under their name has appeared. But few check the credit of their children, allowing criminals and other bad actors to act with impunity years or even decades before a person will have occasion to have their credit checked.

A particularly egregious example followed the 2020 attack on Toledo Public Schools: Parents there reported that they had begun receiving mail indicating someone was trying to open car loans and credit cards in students’ names.

Who’s Behind These Attacks?

The most well-known group attacking education right now is Vice Society. In September 2022, the group attacked the Los Angeles Unified School District, the second-biggest public school system in the U.S. When the district refused to pay the ransom demand, the group posted 500 GB of data on its dark web leak site.

That same month, CISA issued a Joint Cybersecurity Advisory on the group, warning that it was “disproportionately targeting the education sector with ransomware attacks.” As reported by CBS News, over 40 educational organizations, including 15 in the U.S., were victims of ransomware attacks at the hands of Vice Society in 2022.

While the group appears to be diversifying somewhat in 2023, they’re still actively targeting education, with attacks on Okanagan College in British Columbia, Canada; Lewis and Clark College in Portland, Oregon; Tanbridge House School in West Sussex, U.K.; Guildford County School in London; and countless others.

But while Vice Society may be the most prominent group targeting schools, they’re far from alone. In February, the ALPHV/BlackCat ransomware group released more than 6 GB of data from Ireland’s Munster Technological University, including payroll information and employee records. They were also responsible for 2022 attacks on North Carolina A&T University and Plainedge Public Schools in the U.S.

That same month, the Medusa ransomware group attacked Minneapolis Public School District. The district refused to pay a $1 million ransom, and was able to use backups to successfully restore its systems. But the group had stolen more than 100 GB of data — including intelligence test results, psychological reports and details of sexual abuse allegations — all of which was later leaked to the public.

And in January, the Royal Ransomware Group, perhaps best known for their attack on the city of Dallas, Texas, attacked the Tucson Unified School District, the second-largest district in Arizona, U.S., impacting nearly 30 thousand individuals.

Other high-profile attacks in 2023 have included Western Michigan University, Des Moines Public Schools, and Bluefield University in Virginia. In the latter case, the AvosLocker ransomware group used the school’s mass alert system to send a message to the entire campus encouraging students to pressure the university to pay the ransom, lest 1.2 TB of their personal data be leaked.

A Brighter Future?

But despite the increase in attacks, there’s cause to be optimistic. In addition to efforts at the state level, such as those in Texas and Minnesota, there has been a lot of progress at the federal level as well.

In October 2021, U.S. President Biden signed the K-12 Cybersecurity Act, which “requires the Cybersecurity and Infrastructure Security Agency (CISA) to study the cybersecurity risks facing elementary and secondary schools and develop recommendations that include voluntary guidelines designed to assist schools in facing those risks.”

In August 2023, CISA released a trove of guidance, including “K-12 Digital Infrastructure Brief: Defensible and Resilient,” “Adequate and Futureproof,” and “Privacy-Enhancing, Interoperable and Useful.”

In July 2023, Federal Communications Commission Chair Jessica Rosenworcel proposed a pilot program that would provide up to $200 million in competitive grants aimed at increasing security against cyberthreats among schools and libraries.

And just this month, the U.S. Biden Administration announced the launch of an initiative aimed at strengthening K-12 cybersecurity. This “government coordinating council” will help ensure that schools are able to respond to and recover from cyberattacks and other cyber incidents.

“Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms,” Education Secretary Miguel Cardona said in a release. “The Department of Education has listened to the field about the importance of K-12 cybersecurity, and today we are coming together to recognize this and indicate our next steps.”

Download our Mid-Year Update to the 2023 SonicWall Cyber Threat Report for the rest of our education data, as well as a look at how cybercrime affected government, finance, retail, and healthcare customers.

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference

It was my privilege to address esteemed members and stakeholders in the education sector on behalf of main sponsor SonicWall at the recent Schoolscape IT 2022 conference.

An event highlighting how technology can integrate into the classroom of the future, Schoolscape IT 2022 took place in Cape Town and Johannesburg. With more than 120 schools and 250 attendees, it was an opportune moment to talk about cybersecurity and its role in building safer educational institutions for students and teachers alike.

Over the last few years, it has become apparent that countries in the Middle East and Africa are more susceptible to ransomware and network attacks. And that’s no less true for their schools and universities.

In a post-pandemic world that is increasingly online, risk has escalated along with the explosion of exposure points and the growth of remote/mobile workers. Securing this cybersecurity reality can be cost-prohibitive, and the acute shortage of trained personnel doesn’t help any. With resources so constrained, it can be hard to keep up with the challenges of today.

How Boundless Cybersecurity Protects Networks at a Lower TCO

The mid-year update to the 2022 SonicWall Cyber Threat Report noted an 11% increase in global malware, a 77% spike in IoT malware and a 132% rise in encrypted threats over the course of 2021. As attacks become more plentiful, sophisticated and complex, so should solutions. Instead of relying on reactive solutions, SonicWall’s boundless cybersecurity is the need of the hour.

Boundless Cybersecurity provides many features that ensure educational institutions are providing safe education, including:

  • Data-centric security posture
  • Always on, always learning software
  • Secure remote and mobile workforce
  • Aware of current and emerging attack vectors and threat sophistication
  • Protecting against the most evasive threats

How SonicWall Facilitates Secure Learning

Secure learning is essential for the safety of schools and students, whether they are in class or studying remotely. SonicWall offers real-time breach prevention and secure access to resources from anywhere, from any device, at any time, using solutions that deliver protection in the network, in the cloud and at the endpoint.

SonicWall's exclusive threat data shows nearly across-the-board increases in threat volume

Later in the event, Ziyad Ashour offered valuable insight into edtech that keeps learners safe. Mr. Ashour, who is the head of ICT for Al Dhafra Private Schools, Abu Dhabi, UAE, talked about how his schools suffered during the pandemic because they were unable to deal with the sudden increase in online traffic and the resulting security threats. He explained how SonicWall was able to provide cybersecurity that safeguarded their school and addressed their specific needs.

SonicWall’s very own Ashley Lawrence (Regional Sales Senior Manager – Sub-Saharan Africa) also spoke at the event, offering a quick intro to the company and the many solutions we provide to our 28,000+ channel partners.

Among the several case studies presented was that of Amanzimtoti High School in South Africa, a stellar example of how a public school can transform its basic, open network into a secure and powerful tool for both students and teachers. The school used the TZ 600 next-generation firewall, which allowed them to create two separate networks, one for students and the other for teachers.

We also presented the success stories of Johannesburg’s McAuley House School and Pridwin Preparatory School, where SonicWall solutions were deployed to prevent ransomware and help increase remote access for staff, respectively.

With the successful completion of the Schoolscape IT conference 2022, we look forward to next year, where we can continue the important conversation of safe and secure education.

Exertis and SonicWall Pave the Way for KCSiE Guidance and Safer Internet Day

Note: This is a guest blog by Dominic Ryles, Marketing Manager at Exertis Enterprise, SonicWall’s leading distributor in the United Kingdom. Exertis is committed to providing a range of channel focused services designed to enhance your current technical knowledge and expertise in the areas of IT Security, Unified Communications, Integrated Networks and Specialist Software.

The Internet is forever changing education, opening up a world of opportunities and transforming how students learn. New technologies inspire children and young people to be creative, communicate and learn, but the Internet has a dark side, making them vulnerable with the potential to expose themselves to danger, knowingly or unknowingly.

On the 5th September 2016, the UK Government through the Department of Education (DfE) updated the Keeping Children Safe in Education (KCSiE) guidelines to include a dedicated section for online safety. This means that every school and college will need to consider and review its safeguarding policies and procedures, focusing particularly on how they protect students online. The guidance calls for effective online safeguarding mechanisms with a mandatory requirement for all schools and colleges to have appropriate filtering and monitoring systems in place, striking a balance between safeguarding and ‘overblocking,’ and being conscious not to create unreasonable restrictions on the use of technology as part of the education process.

When we think of ‘inappropriate material’ on the internet we often think of pornographic images, or even access to illegal sites to download movies and music, but due to the widespread access to social media and other available platforms, the Internet has become a darker place since it first opened its doors back in 1969. Physical danger from divulging too much personal information, illegal activity such as identity theft and participation in hate or cult websites can lead to cyber bullying and radicalisation in the modern day school, thus making children and young people vulnerable.

Earlier this year, Exertis, in conjunction with SonicWall, set out on a mission to raise awareness of KCSiE through a series of online and offline activities to the channel. We first put together our comprehensive ‘Appropriate Web Filtering and Monitoring for Schools and Colleges’ guide, which to date has received an overwhelming response from our partner base. The guide provides our reseller partners with all the information they need to understand the statutory changes, and how the SonicWall and Fastvue security solutions can enable educational establishments to become compliant.

Towards the latter part of 2016, we registered to support Safer Internet Day (SID) 2017, a day dedicated to raising awareness of online safety for children and young people. Already in its sixth year, Safer Internet Day is run by the UK Safer Internet Centre, a combination of three leading UK organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. It will be the first year both companies have supported Safer Internet Day and we have been busy raising awareness in our local community.

We approached two schools, St Margaret Ward Catholic Academy and The Co-Operative Academy, and commissioned them to produce a large canvas painting with the topic ‘What does the internet mean to you?’ Students and teachers from both schools will come together to create two canvas paintings depicting the good and the bad of the internet from their perspective. We have given the schools four weeks to complete the art project and will be revisiting both schools on Safer Internet Day, 7th February, to meet with the students and teachers behind the project, provide a talk around e-Safety, and with it, hope to raise awareness of children and young people becoming safe on the Internet.

About Safer Internet Centre.

The UK Safer Internet Centre are a partnership of three leading organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. The partnership was appointed by the European Commission as the Safer Internet Centre for the UK in January 2011 and last year reached 2.8 million children. To find out more, please visit –

About Exertis (UK) Ltd.

Exertis is one of Europe’s largest and fastest growing technology distribution and specialist service providers. We partner with 360 global technology brands and over 28,850 resellers, e-commerce operators and retailers across Europe. Our scale and knowledge, combined with our experience across the technology sector, enables us to continue to innovate and deliver market leading services for our partners. To find out more, please visit our website –

Are Campus Defenses Keeping Up with Attacks from the Cyber Netherworld?

I took a computer science minor when I was in college. Back then, the school computers were in a heavily secured section of one building, and we accessed them from teletype terminals and punch card readers (no, we did not use charcoal on slates by the fireplace in the log cabin!). There was no reason to worry about the security of our computer work, other than needing to stay on the good side of the staff of the computer center so that they wouldn’t reshuffle our punch cards or “misplace” our printouts.

Fast forward more than a few years, when I was doing graduate work at a public university. I took 30 credits online, using recordings of on-campus classes, regular chat sessions with my instructors and fellow students, and accessing research information, including public and professionals-only data sources, through the school’s online library system and its global connections. I didn’t pay too much attention to the security of my online activities; internet connectivity made them possible, but there weren’t nearly the number of bad actors out on the net that there are today.

Today my son is in college, and it’s natural for him to select a mix of online and in-person classes, even though his school is a short drive away. He relies on his school’s IT infrastructure for classwork, exams, registration, and research, and can access these functions as well as find out anything about what is available on the internet – from his laptop or smartphone. And every one of those transactions takes place in a space that is just seething with cyber muggers, burglars, and every variety of malicious actor you can imagine.

Information is the stock in trade of colleges and universities. Information enables students to pursue their degrees, faculty to teach and research, and staff to keep these institutions running. Much of the information has real value in the cyber netherworld, whether it’s personally identifiable information of students, proprietary research conducted with other schools and industry partners, or financial transactions.

Keeping this information secure is a challenge. In a recent Center for Digital Education survey of higher education IT professionals, 72 percent listed data breaches among their greatest current network security concerns. Their top security concerns for the year ahead? Spam, phishing, and malware. What’s standing in the way of better network security? More than four out of five pointed to budget constraints.

Keeping campus networks secure in the face of ever-increasing growth of data, devices used to access that data, and cyber threats requires more effective and more cost-effective security. To learn more about what’s keeping campus IT leaders up at night, and what they’re doing about it, view our on-demand webcast, Network Security in Education: The changing landscape of campus data security.