Wednesday, December 9, 2020

Surge in DDos and DoS Attacks

This can be a follow-up to my Sunday’s post “The Debate on Online Learning”. 

Since the coronavirus pandemic began, almost overnight, educators were forced to move offline schooling to remote or hybrid learning environments – with little to almost no preparation. 

Today, I read a Kaspersky Security Network report that highlighted a steep surge in the number of users in Southeast Asia had encountered threats disguised as e-learning and video conferencing platforms during the first three quarters of 2020. 

Kaspersky said it found threats masquerading as some popular e-learning platforms including Zoom, Google Classroom, Google Meet, Moodle, Blackboard, Coursera and edX.


The global cybersecurity company’s general manager for Southeast Asia Yeo Siang Tiong said that educators are increasingly overwhelmed and anxious – so they are more vulnerable to falling prey to old but effective social engineering tricks such as phishing and scams. 

Between January and June 2020, the number of Distributed Denial of Service (DDoS) attacks affecting educational resources shot up by at least 350% when compared to the corresponding period in 2019. 

Kaspersky noted that the total number of denial of service (DoS) attacks globally, particularly on educational resources, had increased by 80 percent in Q1 2020 alone compared to the same period the previous year. 

DoS attacks are used by cybercriminals to overwhelm a network server with multiple requests in the hope of crashing that server – thereby denying user access. These attacks are problematic as they can last anywhere between days to a couple of weeks. 

In fact, in June, Microsoft Security Intelligence had reported that the education industry accounted for 61 percent of the 7.7 million malware encounters experienced by enterprises in the previous 30 days – more than any other sector. 

According to the same Kaspersky document, for the January-June 2020 period, the platform most commonly used as a lure was Zoom, with 99.5% of the users that encountered threats via files that contained the name Zoom. 

The second most common platform used as a lure was Moodle. 

By far the most common threats encountered in 2020 were downloaders and adware, which were encountered in 98.77% of the total registered infection attempts. 

And trojans were the second most common. 

Also a host of phishing websites for popular platforms like Google Classroom and Zoom began to pop up following the switch to distance learning. 

From the end of April to mid-June, Check Point Research discovered that 2,449 domains related to Zoom had been registered, 32 of which were malicious and 320 of which were “suspicious”. Suspicious domains were also registered for Microsoft Teams and Google Meet. 

Users who land on these phishing pages are often tricked into clicking URLs that download malicious programs, or they might be tricked into inputting their login credentials, which would put these in the hands of cybercriminals. 

These criminals might not even be after access to your account. They can use your login credentials for nefarious purposes such as launching spam or phishing attacks, gaining access to your other accounts as people often reuse passwords, or collecting more personally identifiable information to be used in future attacks/attempts to steal funds. 

Most universities have their own platforms where students and faculty can login to access important resources as well as academic services. And so, cases have been documented that attackers had gone so far as to target specific universities by creating phishing pages for their individual academic login pages. 

Apart from fake web pages, cybercriminals sent out an increasing number of phishing emails related to these same platforms. These told users they had missed a meeting, a class had been canceled, or it was time to activate their accounts. Of course, if they opened the email and clicked on any links, they were at risk of downloading threats. 

Online learning is not a short-term response to a global pandemic. It is here to stay. 

However, as long as online learning continues to grow in popularity, cybercriminals will attempt to exploit this fact for their own gain. That means educational organizations will continue to face a growing landscape of cyber risks. 

Fortunately, engaging – and secure – online academic experiences are possible. Educational institutions just need to review their cybersecurity programs and adopt appropriate measures to better secure their online learning environments and resources.

No comments: