Wednesday 14th September 2022

BLOG: FBI, CISA and MS-ISAC Issue Cybersecurity Warning For Educational Sector

Over the past several years, the educational sector has been a regular target of ransomware attacks. School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable. In August of this year, cybersecurity professionals reported that the education sector is the most at risk of cyber attack. It has been claimed that the educational sector suffered a 114% increase in the past two years, making it the most threatened industry sector.

The FBI, CISA, and MS-ISAC warned last week that schools, and U.S. school districts in particular, are being increasingly targeted by the Vice Society ransomware group, with more attacks expected after the start of the new school year. The warning, issued as a joint advisory, came after they observed Vice Society actors disproportionately targeting the education sector with ransomware attacks. They also “anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.”

Following an increase in targeted attacks from the ransomware gang Vice Society, this sector is now the subject of a joint warning. Having exfiltrated data, the attackers demand sizable ransom payments. If you don’t pay, your data will be encrypted and your information shared.

According to the advisory, the attacks derive from initial access to a network through compromised logins for third-party internet-facing applications. Once inside, the attackers explore the network to identify further opportunities to increase access and add to the data breach for release if ransoms are not paid.

The “modus operandi” can involve the exploitation of known vulnerabilities, such as PrintNightmare, to spread laterally within an organisation. Once data is stolen, the ransomware attack is deployed and demands are made, with the threat that if they are not paid the files will be shared with underground websites within seven days.

Historic victims have been spread across continents, in countries such as the US, Australia and the UK. Profits are maximised, with these groups advising organisations not to seek help, as this could add to the ransom amount and/or result in those companies becoming victims of the same scam. Unfortunately, the criminals are true to their word. Their site, on the dark web, lists victims (whom they call “Partners”) and provides links to the files. This includes several hundred passport scans of pupils at a UK-based school.

The FBI is now seeking any information that can be shared, including communication from foreign IP addresses, ransom notes, communications with Vice Society actors and/or samples of the encrypted files.

With Orpheus Cyber’s cloud-based SaaS platform, we can tell you what to patch first, based on threat actor activity that is relevant to you. This helps you become more secure and use your resources more effectively. There are no implementation costs and our technology does not rely on input from your vendors, making it scalable and immediately actionable. We go beyond point-in-time self-assessment questionnaires to understand the true cyber risk present within organisations’ third parties and supply chains on a continuing basis.

Orpheus provides threat-led, machine learning and predictive capabilities to national critical infrastructure to identify these types of threat actors and anticipate your threat risk, not only internally but also via third-party suppliers. We can provide not only threat intelligence reports but also your threat risk as a company, and prioritise those exploits that need addressing the most urgently.

Allow us to guide you through the benefits of the Orpheus portal and the options available to you by requesting a demo.
