Hackers are targeting a surprising group of people...

Caute_cautim · ‎03-12-2024

Hi All

When Celeste Gravatt first heard about a data breach in her kids' school system in February 2023, it sounded innocuous.

"I didn't really think anything of it at first," Gravatt says.

Officials at Minneapolis Public Schools called it a "system incident," then "technical difficulties," and finally, "an encryption event."

Gravatt has two children who have already graduated from Minneapolis schools, and one who is currently in middle school. She says it was only when she checked social media that she realized the true extent of the attack, and what it could mean for her kids.

Minneapolis Public Schools had been hit by what experts describe as one of the most devastating cyberattacks ever. Hackers stole district data, including files where children were identifiable, and then demanded the district pay a ransom for it. When district officials refused, the hackers released the data online. It included Social Security numbers, school security details and information about **gender** assaults and psychiatric holds.

https://www.npr.org/2024/03/12/1237497833/students-schools-cybersecurity-hackers-credit

Regards

Caute_Cautim

JoePete · ‎03-13-2024

I think this is really just the pre-cursor to what will fertile ground for attacks for years to come. Municipalities in general, but especially school districts which often function independently, simply do not have the resources to manage their information systems in the US. What a lot of this goes toward is schools have been pushed into technology by parents and politicians without due regard for the consequences, whether from standpoint of pedagogy, social development, or system security. Short of a time machine, we can put caution back into the decision making that has already occurred.

denbesten · ‎03-13-2024

@JoePete wrote:
... simply do not have the resources to manage their information systems...

This is a good use case for SAAS solutions.

Caute_cautim · ‎03-14-2024

@denbesten Can we trust Microsoft?

Regards

Caute_Cautim

JoePete · ‎03-19-2024

@denbesten wrote:
This is a good use case for SAAS solutions.

Yes, that is a possibility, but it may not fully address the issue. One common vector of attack into these systems is simple phishing. In a fully on-prem environment someone giving up their credentials is bad but the limits of the network may mean the attacker still needs to jump through the hoop of a VPN. However, in the world of the cloud, it may be walk right in.

In the US at least, state and municipal government (including education) tend to function like fiefdoms. We have such a strong sense of independence (good and bad) that, other than a few exceptions, we resist collaboration. This is a shame considering the ability of information systems to scale (and along with them, their security). I think we are not too far off from seeing the push toward virtual elementary education. Not that I support the idea, but I think the attraction of efficiency (especially from the standpoint of infrastructure), parental control, etc. is going to see it happen. I'd much prefer to see schools counter such things by emphasizing the non-technology aspects of education. For example, if you have a command of Aristotle's logical fallacies, you'll likely be in a much better position to negotiate phishing, social media, and even AI. That's before even address interpersonal interaction (critical to project and change management).

Hackers are targeting a surprising group of people: young public school students