Over 1,000 Indian schools, colleges targeted in cyberattacks in Jun-Sep: Report

NEW DELHI: More than 1,000 schools and colleges in India were targeted in cyber attackers between June and September, in a new wave of spear phishing attacks aimed at educational institutions, Barracuda Networks reported.

Since the pandemic, most schools and colleges have been conducting online classes using video conferencing solutions. Many of the other processes like admissions and hiring have also shifted to online.

Spear phishing is a personalised phishing attack that targets a specific organisation or individual.

During their investigation, researchers at Barracuda found that 57% of malicious emails were sent using compromised internal accounts. The attackers might have got hold of these accounts through Dark Web or social engineering and used them to launch fresh email attacks as there is a high degree of trust associated with accounts that seem to come from legitimate people and domain names.

It was also found that 86% of all business email compromise (BEC) attacks on educational institutions during this period were carried out via Gmail accounts.

Cybercriminals prefer email services like Gmail as they are free, easy to register, and widely used. To make emails look more legitimate, attackers would send the emails loaded with terminology such as ‘principal’, ‘head of department’, ‘school’, and ‘president’.

The malicious emails often started with a convincing subject line to grab the target's attention. Some emails also used covid-19 related activities such as 'new covid guidelines' or 'school meeting on covid' to create a sense of urgency and get targets to click on a malicious link or attachment in them.

“As schools and colleges continue to teach students remotely, it makes both the parties vulnerable to cyberattacks. While online teaching and learning is a crucial part of the new normal, it is also important for students and teachers to act mindfully before, during and post the online classes," cautioned Murali Urs, country manager-India, Barracuda Networks, in a statement.

Experts believe educational institutions are more than twice as vulnerable to a BEC attack than organisations in other sectors.

Educational institutions store vast amounts of sensitive data on their servers including confidential research work, information on students and staff including their addresses and payment details. Due to the large size and number of users, most networks used by them are often not fully secured.