A recently-discovered phishing attack is attempting to invade messages sent between students and teachers. In the campaign an email is spoofed to look like it was sent from the parent of a student. However it includes an attachment file with a malicious macro. The message informs the teacher that an earlier message with a student assignment did not successfully reach their inbox.

It appears that the phishers came into possession of a directory of teacher email addresses via faculty contact lists available on a school website. The message looks extremely authentic as it includes the teacher’s name. Once the malicious file is opened, the macro downloads the ransomware executable files.

Some new tactics seen in this campaign include an SMS alerting the phisher once a recipient downloads the file and the use of Go programming language to create the malicious file. Files encrypted by the ransomware are listed in a text file named “About_Your_Files.txt” and stored on the user’s desktop.

Schools are an attractive target for phishers as they, typically, do no have massive funds to invest in cybersecurity. However, there are a number of measures that schools should introduce, as a minimum, to prevent attacks like this infiltrating their databases.

Email filters will block ransomware attachments before they reach targeted user inboxes. They spot malicious messages and files and place them in a quarantine folder where they can be reviewed by a system administrators to see if they are a false positive. If this is the case then the mail can be sent to the intended recipient.

Backups come into play once a database has been encrypted. They allow schools and other organizations to restore data without handing over any requested ransom. Best practice in this regard is to store backups off-site. Cloud backups are primarily used in disaster recovery strategies required after a ransomware attack. Training and user education is another security measure. Cybersecurity training will help teaching staff identify the tell tale signs of a phishing email and cut off the attack as soon as it begins.

The vast majority of schools have begun to implement digital means of communicating and working with students and parents. This a very efficient way of corresponding and allowed education to continue during all of the COVID-19 enforced lockdowns. However, this also brings new challenges for educational bodies. Cybersecurity may only have been a minimal concern ten years ago but now it needs to be tackled head on to avoid students and staff becoming the victims of hackers.

One very useful tool is WebTitan on-the go (OTG) for Chromebooks. This will allow your organization to safeguard all of your Chromebook users from the dangers associated with online usage. This security solution has been specifically created with the education sector in mind. Along with supporting CIPA compliance it is an inexpensive security filtering solution for Chromebooks.

Schools implementing the use of WebTitan Chromebook client can simply pply policies for all of their Chromebook users by group. Read more information about using WebTitan OTG for Chromebooks here