According to a report, India is the biggest target of cyber threats to educational institutions and online platforms, followed by USA, UK, Indonesia and Brazil.
The report also stated that the adoption of remote learning, digitization of education and the proliferation of online learning platforms are the major triggers that have increased the attack surface during the COVID-19 pandemic.
The report titled “Cyber Threats Targeting the Global Education Sector” also claimed that the data shows a 20 percent increase in cyber threats to the global education sector in the first three months of 2022 compared to the same period in 2021.
The report has been compiled by the Threat Research and Information Analytics division of CloudSEK, a Singapore-based AI-powered digital risk management enterprise. CloudSEK’s XVigil platform scours thousands of sources (on the surface, deep and deep web) to detect cyber threats, data leaks, brand threats and identity theft.
“Last year, 58 per cent of threats detected in Asia and the Pacific were targeted at Indian or India-based educational institutions and online platforms. Indonesia was second on the list of 10 per cent cyber threats. This included attacks on BYJUs, IIM Kozhikode and Tamil Nadu Directorate of Technical Education,” the report said.
“Overall, the United States was the second most affected country worldwide, with a total of 19 recorded incidents, accounting for 86 percent of threats in North America. These include ransomware attacks on prestigious institutions such as Howard University and the University of California In addition, high-risk API vulnerabilities were uncovered at Coursera, a massive open online course provider,” it added.
According to Darshit Ashara, Principal Threat Researcher, CloudSec, the growing global education and training market, both online and offline, is expected to reach US$7.3 trillion by 2025. Digital penetration in developing countries. Therefore, it is no surprise that cybercriminals are moving towards institutions and institutions in this area,” he said. Adoption of distance learning by schools, universities and related institutions to deal with the disruption caused by the ongoing COVID-19 pandemic; Mass digitization of educational content materials, student data and documents and online learning platforms catering to the needs of everyone from preschool children to retired professionals are among the reasons listed in the report behind the trend.
The report’s findings indicate that many cybercriminals are actively leaking databases, access, vulnerabilities and exploits, and other information related to educational institutions, on cybercrime forums.
“Databases and access are the most sought after data types. Databases leaked from educational institutions mainly contain personally identifiable information (PII) of students and their families, including name, date of birth, email address , phone number and physical address; website user records and credentials and test results and scores,” it said.
Experts have stressed in the report that given the size and impact of the education sector, it is important for institutions, students, parents, teachers and the government to ensure that the information collected and stored is not leaked and exploited by cybercriminals. Creating awareness among users about cyber attacks, online scams and phishing campaigns; Enforcing strong password policies and enabling multi-factor authentication (MFA); Regularly updating and patching software, systems and networks; Maintaining multiple backups both online and offline in different and secure locations; Recommendations made in the report include monitoring logs for unusual traffic and activity for websites and other applications.
“Institutions should block illegitimate IP addresses and disable port forwarding using network firewalls. They must also conduct real-time monitoring of the Internet to identify and mitigate low-hanging threats, such as misconfigured apps, exposed data and leaked access, that are used by cybercriminals to carry out large-scale attacks. benefit is taken. “Students, parents, teachers and staff should refrain from clicking on suspicious emails, messages and links; Do not download or install unverified apps; Use strong passwords and enable Multi-Factor Authentication (MFA) in all accounts,” the report said.