Cyber crime – the COVID-19 threat ECEC may not be considering

Early childhood education and care (ECEC) settings have faced threats on a number of fronts since the advent of the COVID-19 pandemic, but there is one threat which may not have been fully considered, which is being actively pitched at the education and care sector – cyber crime. 

 

According to the recently released The First 100 Days of Coronavirus report, compiled by email and data security company Mimecast, ten ransomware campaigns – campaigns which embed a form of malware into the files of an ECEC business, which are then held for ransom from the victim to restore access to the data upon payment – were launched against the Australian education sector between 13–30 March.

 

The report analyses key trends in activity and details the total volume of cybersecurity threats seen over the course of 31 December, 2019 – when the novel coronavirus began gathering widespread attention – to 30 March 2020.

 

Cyber criminals, a Mimecast spokesperson noted, have exploited this period of increased disruption and uncertainty to attempt ransomware insertion to any industry or sector possible through the increased use of all potential attack angles. 

 

Given the disruption to the ECEC sector, with the rapidly declining enrolments faced during that period, coupled with a number of educators and families seeking access to information from devices which may not have been previously linked to the network as more and more families worked from home, ECEC was an especially vulnerable target. 

 

In 60 per cent of the identified campaigns leveled at the sector, ransomware was present, leading the analysts from Mimecast to determine that “it is almost certain (≥≈ 95%) that threat actors are exploiting this period of increased disruption and uncertainty to attempt ransomware insertion to any vertical possible through the increased use of all potential attack vectors.” 

 

Given the prevalence of ransomware in the ECEC space, Mimecast said, “it should be considered an unacceptable risk at this time for any organisation to use Internet Explorer (IE) as an Internet browser.” 

 

The same, they added, should be considered for Flash Plugin software. 

 

“Ransomware threat actors are making increased use of Exploit kits at this time as an additional means to compromise networks, and both IE and Flash are vulnerable to exploitation via this means and are highly likely (≈80% – ≈90%) to be compromised if used to visit an infected or threat actor controlled website.” 

 

A number of older web based educational games and websites for children use Flash Plugin software, and as such, caution should be exercised in recommending these to families, or accessing them on service based computers. 

 

In order to reduce the threat, Mimecast said, ECEC services should ensure that non networked backups are undertaken, and that the organisation has the facility to use fallback email and file archiving capabilities.

 

To read the First 100 Days of Coronavirus report, please see here.