Microsoft: Schools Grapple With Thousands of Cyberattacks Weekly

Malicious actors are increasingly targeting K-12 and higher education institutions, an "industry of industries" as Microsoft's new report calls it, due to the immense amount of private data that these enterprises handle.

From information regarding financial data to health records and other sensitive information, hackers have a host of pickings to choose from if they are successful in their exploitation attempts, Microsoft's Threat Intelligence report explained.

"The combination of value and vulnerability found in education systems has attracted the attention of a spectrum of cyberattackers — from malware criminals employing new techniques to nation-state threat actors engaging in old-school spy craft," Microsoft said.

Education as an industry faces a variety of issues that prompt attacks from hackers: security staffing limitations; difficult-to-secure IT systems; virtual/remote learning environments; extensive QR code usage; open email systems; lack of funding; and more. There's also the issue of users — some as young as 6 years old — who are too young to know safe cybersecurity habits and are liable to compromise a network. 

The education sector deals with an average of 2,507 attempted cyberattacks on a weekly basis from nation-state groups to ransomware gangs, with universities especially presenting their own unique challenges due to the culture of sharing information, research, and innovation, Microsoft found.

Some of the nation-state actors that Microsoft highlights are Peach Sandstorm, Mint Sandstorm, Mabna Institute, Emerald Sleet, and Moonstone Sleet, with an honorable mention for Storm-1877, which is still in development. 

Education institutions can protect themselves from these threats by implementing a new security curriculum, such as maintaining and scaling core cyber hygiene, prioritizing cyber awareness at all levels, whether students, IT staff, or faculty. Microsoft also advised hardening overall security posture as well as centralizing the technology stack, and implementing better monitoring procedures to get a clear picture of security posture and potential vulnerabilities.  

Microsoft highlighted some institutions such as Oregon State University and the Arizona Department of Education, which are both doing noteworthy jobs of implementing an ace cyber posture. The former's progress came in response to a major cybersecurity incident, prompting its Security Operations Center (SOC) alongside the help of AI and automated capabilities; the latter which focuses on zero-trust principles by blocking any traffic outside of the US from its 365 environment, Azure, and data center.