now browsing by tag


#schoolsafety | Cops in Syracuse schools: friendly face or occupying force? Their future debated | #parenting | #parenting | #kids

Syracuse, N.Y. — In 2008, a police officer assigned to Corcoran High School broke a 15-year-old girl’s nose after he punched her in the face. The officer said the girl […] View full post on National Cyber Security

#school | #ransomware | Cybersecurity incidents at schools nearly triple in 2019

Source: National Cyber Security – Produced By Gregory Evans

Public K-12 education agencies across the nation reported 348 cybersecurity incidents during 2019—nearly three times as many incidents as were publicly disclosed during 2018.

A report from the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2019 Year in Review,  says many of these incidents caused significant problems. They resulted  in the theft of millions of  dollars, stolen identities, and the denial of access to school technology systems for weeks or longer.

Student and educator data breaches were the most commonly experienced type of incident in 2019. More than half of these were because of the actions of insiders to the school community, including edtech vendors and other third-party partners. The next most frequent type of cyber incident experienced by schools during 2019 was ransomware.

Data for the report comes from publicly disclosed incidents cataloged on the K-12 Cyber Incident Map. The map and underlying database capture detailed information about two inter-related issues:

  • publicly disclosed cybersecurity incidents affecting public K-12 schools, districts, charter schools, and other public education agencies (such as regional and state education agencies) in the 50 states and Washington, D.C.
  • the characteristics of public school districts (including charter schools) that have experienced one or more publicly disclosed cybersecurity incidents.

The 348 incidents in 2019 involved 336 education agencies across 44 states; 329 of those involved regular public school districts. Suburban districts were the more common target (44.31%), followed by rural (22.75%).

Schools from the Northeast were victimized most often (33.93%), followed by the Central region (27.08%), West (25%) and Southeast (13.99%).

Since 2016, the K-12 Cyber Incident Map has documented more than 775 publicly disclosed incidents affecting students and educators.

Although acknowledging that the odds of experiencing an incident appear to vary by school district characteristics, the report stresses that the resource center “has documented school districts of every size and type that have experienced data breaches, phishing attacks, and ransomware/malware outbreak.”

“School district leaders would do well to understand that no school district is safe from a potential incident,” the report recommends.

Source link

The post #school | #ransomware | Cybersecurity incidents at schools nearly triple in 2019 appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Commentary: Cybersecurity breaches at Texas schools cost taxpayers millions

Source: National Cyber Security – Produced By Gregory Evans

According to data assembled by the K-12 Cybersecurity Resource Center, no state has experienced a greater number of publicly disclosed school cybersecurity incidents in recent years than Texas. These incidents have resulted in the theft of millions of taxpayer dollars, widespread destruction and outages of school IT systems, and large-scale identity theft.

Consider that Manor Independent School District lost $2.3 million in a targeted email phishing scam in January. In similar attacks last year, nearly $2 million was stolen from Crowley ISD, while Henderson ISD lost more than $600,000.

Malicious actors have employed other digital weapons, such as ransomware, to extort money from at least a half dozen Texas districts since 2017. The most recent incident, in Port Neches-Groves ISD, resulted in a $35,000 bitcoin payment to cybercriminals in exchange for the digital keys to restore access to the district’s IT systems. And school vendors such as Pearson have experienced large-scale breaches of student data at the same time that thousands of Texas educators and administrators have had their identities and personal bank accounts emptied by cyberthieves.

Given that schools’ reliance on technology for teaching, learning and operations will continue to grow, trustees and administrators should embrace their responsibility to safeguard their school communities from emerging digital threats.

The passage of Senate Bill 820 by the Texas Legislature encourages school districts to put in place commonsense security controls, but it falls short of guaranteeing such controls will be implemented effectively or in proportion to the threats facing districts.

If school trustees and administrators are to make real progress in managing cybersecurity risks, they will need to foster better information-sharing and cooperation across districts; make the case in their communities for spending time and resources on building cybersecurity awareness, tooling and expertise; and embrace the legislative requirement to develop meaningful cybersecurity policies and plans.

While there is variability in how school districts use and rely on technology, there are more similarities in terms of security challenges than differences. Since cybercriminals target school districts nationwide with the same scams, it is imperative IT leaders in school districts collaborate. Indeed, one of the biggest challenges in responding to these threats is the veil of secrecy surrounding school cybersecurity.

Any meaningful response to the issue will also require more money and more expertise. While state — and even federal — resources would undoubtedly help, school districts will likely have to look for other funding and sources of support. Students, parents and teachers should all be allies in this cause.

While educational technology offers exciting opportunities for students and teachers, its use introduces new risks. While the passage of SB 820 is laudable, it is only one step in a much longer journey to keep Texas school districts cybersecure. In the end, we won’t see fewer successful phishing attacks, fewer ransomware incidents or fewer data breaches until all superintendents and trustees jointly embrace their cybersecurity governance responsibilities.

Doug Levin is president and founder of the K-12 Cybersecurity Resource Center (, which was launched in 2018 to shed light on the emerging cybersecurity risks facing public schools.

Source link

The post #school | #ransomware | Commentary: Cybersecurity breaches at Texas schools cost taxpayers millions appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Ransomware attacks prompt push for US schools cybersecurity bill

Source: National Cyber Security – Produced By Gregory Evans

We do need an education

With schools across the US increasingly falling prey to ransomware attacks, two US senators are calling for the Department of Homeland Security (DHS) to create a set of guidelines to help schools improve their cybersecurity systems.

Senators Gary Peters, a Democrat representing Michigan, and Rick Scott, a Republican for Florida, have introduced a bill instructing the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to examine schools’ security risks and challenges.

The K-12 Cybersecurity Act of 2019 (PDF) would also require CISA to create a set of cybersecurity recommendations and online tools for schools over the next year.

The tools would be designed to educate officials about the new recommendations and suggest strategies for implementing them.

There’s no detail on what these recommendations and tools might be, and no funding has been allocated.

However, the bill is similar in principle to the State and Local Government Cybersecurity Improvement Act, recently passed by the Senate, which would see the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) providing state and local officials with access to security tools and procedures and carrying out joint cybersecurity exercises.

“Schools across the country are entrusted with safeguarding the personal data of their students and faculty, but lack many of [the] resources and information needed to adequately defend themselves against sophisticated cyber-attacks,” said Peters.

“This common-sense, bipartisan legislation will help to ensure that schools in Michigan and across the country can protect themselves from hackers looking to take advantage of our nation’s cybersecurity vulnerabilities.”

Off syllabus

Over the last few years, there has been an increasing number of ransomware attacks on US public sector organisations, including schools.

Data from cloud security firm Armor shows that 72 school districts or individual educational institutions have publicly reported being a victim of ransomware this year, with 1,039 schools impacted.

Connecticut saw seven school districts hit, while Louisiana went so far as to declare a state of emergency after schools across the north of the state were hit by malware in July. The Rockville Centre, New York, school district, paid out nearly $100,000 after being hit by the Ryuk ransomware in August.

Indeed, according to research from Malwarebytes, education was the top target for trojan malware during the 2018-2019 school year, and the most-detected threat category for all businesses in 2018 and early 2019. Adware, trojans, and backdoors were the three most common threats, with ransomware attacks soaring by 365% in the year to Q2 2019.

Schools are particularly easy targets, as they tend to be short on funding and often have outdated systems.

Adam Kujawa, a director of Malwarebytes Labs, told The Daily Swig: “Education organizations face several issues in reference to securing networks that many private businesses don’t deal with.

“For example, the increased opportunity for infection due to endpoints being spread across a campus, being accessed by both student and staff, many of which can affect the security of that endpoint and possibly the entire network with careless use – opening malware – or intentional malice.

“Overall, this kind of environment shouldn’t be treated as any other organization, so I am glad they are doing a study first to identify the unique problems educational networks deal with. We will have to wait and see if the results of this study – the tools developed and made available – will be effective or even deployed across the board.”

RELATED Ryuk ransomware implicated in City of New Orleans shutdown

Source link

The post #school | #ransomware | Ransomware attacks prompt push for US schools cybersecurity bill appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Hacking should be taught in schools ‘like sport’ to stop children becoming criminals, says Lauri Love 

Source: National Cyber Security – Produced By Gregory Evans

Hacking and other cybersecurity skills should be taught in schools in a similar way to sports, said alleged hacker Lauri Love.

The activist, who won a legal battle in 2018 to block his extradition to the US over allegations that he hacked into computer networks including NASA, the Federal Reserve and the US Army, said schools in the UK need to be more sophisticated in the way they teach technical skills to students.

“We need to treat this a bit like we treat sport,” Mr Love said at an event in London run by cybersecurity business Redscan.

Mr Love said that students should be given a “structured, controlled environment” to learn cybersecurity skills in order to stop them engaging in criminal behaviour….

Source link

The post #hacking | Hacking should be taught in schools ‘like sport’ to stop children becoming criminals, says Lauri Love  appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Las Cruces Public Schools computers still offline a week after hacking attack

Source: National Cyber Security – Produced By Gregory Evans Education LAS CRUCES, New Mexico — The computer network for the Las Cruces Public Schools remained offline a week after a ransomware attack by hackers forced the shutdown of the entire system. After originally trying to get existing servers for dozens of schools back online late […] View full post on

#infosec | #(ISC)²: Hero Pilot Schools Cybersecurity Professionals

Source: National Cyber Security – Produced By Gregory Evans

The ninth annual (ISC)² Security Congress got off to a flying start with a lesson in handling pressure from retired pilot captain Chesley “Sully” Sullenberger.

Sullenberger famously landed US Airways Flight 1549 in the Hudson River on January 15, 2009, after both engines were disabled by a bird strike. While the Canada geese that struck the plane didn’t live to see another day, incredibly, everyone on the plane survived.

The feat performed by Sullenberger and the flight’s first officer, Jeffrey Skiles, on that cold winter day was even more remarkable since the only water-landing training they had undergone was a theoretical discussion of how it might be done.

Sullenberger began his keynote by paying tribute to Jeff, the crew, and the first responders, emphasizing that “a successful outcome requires the efforts of many people.”

He then described the terrifying events of that fateful day, which unfolded over just 208 seconds. Sullenberger said a lifetime of preparation was what enabled him to deal with the genuine life-or-death situation he encountered. 

The former pilot, now aged 68, paid tribute to his grandparents, who imbued him with a “lifelong love of reading and learning.” 

He entreated the gathered crowd to “never stop investigating” and to “change before you’re forced to”—to embrace innovation and change so they are better able to handle adversity. 

Sullenberger added: “As the pace of change accelerates, most of us can’t get through our entire working lifetime with just one skillset. Instead, we must keep on learning, growing, stretching ourselves.” 

The husband and father of two credited his grandparents and parents with teaching him that with any authority comes responsibility, a lesson that was ground in even deeper during his US air force training.

Sullenberger underlined the importance of civic responsibility for normal life to function, saying: “If we didn’t give each other these little gifts of civic behavior, civilization wouldn’t be possible. Everyday activities we take for granted, like driving down the highway, would be suicidal if we didn’t.”

Other key takeaways from Sullenberger’s keynote were that decisions “must be based on facts, not fears, and certainly not falsehoods,” and that leaders should lead through personal example. 

Sullenberger finished by saying that his colleagues had observed the way he lived his life, helping people and sticking to his core values. 

“It turned out my reputation had been built one interaction, one person, one day at a time.” 

He asked people to take the opportunity each encounter with another person provides to do good.  


#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity

Source link

The post #infosec | #(ISC)²: Hero Pilot Schools Cybersecurity Professionals appeared first on National Cyber Security.

View full post on National Cyber Security

Schools are #educating #students in #cyber-security

Source: National Cyber Security – Produced By Gregory Evans

The data-based world is well and truly upon us. All of our information is online, stored safely away by privacy companies who control the multitudes of data we entrust to Facebook, Twitter and even our mobile banking apps.

In our digitised world, data is synonymous with money. Through our stored data, businesses can work out who we are, where we live, what we do, how much we earn, who our friends are and what we desire.

Although this data can be used for good – such as tracking terror threats and increasing business transparency – there are also people who will use it for evil: cyber-attackers.

Cyber-attacks are the bank robbers of the data-sphere. If they manage to hack into your secure data, they have all the information they need to sell your data to companies, steal your identity and even steal your money.

This is why the UK has launched the £20 million (US$27 million) Cyber Discovery programme. The programme encourages 14 to 18-year-olds to engage with security problems in cyberspace to prevent a skills gap occurring as the economy develops, reports the BBC.

As the global technological industry surges forward, the need for skilled cyber-security experts also blooms. Jobs in cyber-security are expected to grow 28 percent in the next 10 years. This makes it a more promising career prospect than other computer jobs, which are predicted to increase by 10 percent, according to the US Bureau of Labor Statistics.

Nicholas Coppolino, who teaches networking classes for Parkville High in Maryland, US, titled Security Plus and Network Defense, told Education Week that the challenge with teaching cyber-security is how quickly trends move on.

Coppolino says online resources such as Hacker Highschool and Cyber Aces are integral to be able to provide his students with relevant information on the ever changing cyber-security field.

Head of cyber-risk at Deloitte Phil Everson told the BBC: “There’s already significant global demand for cyber-talent across the world and there are not enough skilled people to meet that demand.

“We want to try to give the younger generation, who have grown up with the Internet, an awareness of security and its implications.”

Ian Glover, who heads the Crest organisation that certifies people who carry out security work, said: “If you can get them interested in technology that’s great, but you need to be able to describe the range of roles there are in cyber-security and the benefits of being in the industry, because it’s an awesome place to be.” 

The post Schools are #educating #students in #cyber-security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers are #targeting schools, #U.S. Department of Education warns

Source: National Cyber Security – Produced By Gregory Evans

Hackers are #targeting schools, #U.S. Department of Education warns

When Superintendent Steve Bradshaw first received a threatening text message in mid-September, he didn’t know it was coming from a hacker trying to exploit his Montana school district.
But soon, students and other schools around Flathead County were receiving threatening messages, too. More than 30 schools in the district shutdown for three days.
“The messages weren’t pleasant messages,” Bradshaw said. “They were ‘splatter kids’ blood in the hallways,’ and things like that.”
The U.S. Department of Education is now warning teachers, parents, and K-12 education staff of a cyberthreat targeting school districts across the country.
So far, at least three states have been targeted by the extortion attempt from hackers asking schools to give them money or the group will release stolen private records, according to the department.

“In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received,” the department wrote in an advisory this week.
Bradshaw, the superintendent of schools in Columbia Falls, Montana said a hacking group broke into multiple school servers and stole personal information on students and possibly staff. He said after the threatening messages came, hackers asked for ransom.
In a ransom note sent to a number of Columbia Falls school district members and released by the county’s sheriff’s department, the hacking group called the Dark Overlord threatened the district and demanded up to $150,000 in bitcoin to destroy the stolen private data.
The threatening letter talked about use of force, mentioned the name “Sandy Hook,” the elementary school in Connecticut where 20 small children and six adults were shot dead, and said victims would suffer financial and reputational damage.
Law enforcement said they did not believe the threats and determined the attackers were located outside of the U.S.
“We feel this is important to allow our community to understand that the threats were not real, and were simply a tactic used by the cyber extortionists to facilitate their demand for money,” the Flathead County Sheriff’s Office said in a Facebook post last month.
Bradshaw said the district is not paying the ransom, and he is still receiving threatening messages.

The same hackers also targeted the Johnson Community School District in Iowa earlier this month, and the district canceled all classes on October 3. According to local media reports, the hackers also sent threatening text messages to children and their parents.
The hacking group previously attempted to extort Netflix (NFLX, Tech30) after hacking its production studio, Larson Studios. The group released episodes of Orange is the New Black online last spring.
It’s unclear why the Dark Overlord began targeting schools but someone from the hacking group told the Daily Beast they are “escalating the intensity of our strategy in response to the FBI’s persistence in persuading clients away from us.”
The Department of Education says the hackers are probably targeting districts “with weak data security, or well-known vulnerabilities that enable the attackers to gain access to sensitive data.” It advises districts to conduct security audits and patch vulnerable systems, train staff on data security best practices, and review sensitive data to make sure no outside actors can access it.
According to Mary Kavaney, the chief operating officer of the Global Cyber Alliance, school environments often don’t have a lot of technology resources dedicated to security, but have some of the richest personal information on people, including social security numbers, birth dates, and, potentially, medical and financial information.
“If bad actors can access student [personal data], that information can be exploited for the purpose of fraud and committing crimes for years before it is detected,” Kavaney says. “It’s often only upon application for a job, or application for financial aid to attend college that students find out that their social security number has been used fraudulently — they may have poor credit due to false applications against their history, or worse, find that crime has been committed in their name.”
Bradshaw says the ordeal has been stressful and troubling. Because the district hasn’t paid the hackers, they’re still threatening to release the data online. But, he said, the response from law enforcement and the Flathead County community has been positive.
“We still got people in this country that believe in one another, and it’s been easier to get through than you would have thought,” Bradshaw said. “People care about people in this state.”

The post Hackers are #targeting schools, #U.S. Department of Education warns appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Schools re-examine cybersecurity measures after Flathead hacking

Source: National Cyber Security – Produced By Gregory Evans

We’re looking into school cybersecurity after a hacker’s threats forced Flathead Valley officials to cancel school for three days. A group called Dark Overlord Solutions demanded money to keep the personal information it stole safe. Now other school districts are re-examining their cybersecurity.   When we started asking questions, we…

The post Schools re-examine cybersecurity measures after Flathead hacking appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures