{"id":14881,"date":"2013-07-17T16:11:42","date_gmt":"2013-07-17T16:11:42","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=894"},"modified":"2019-11-15T23:20:53","modified_gmt":"2019-11-15T12:20:53","slug":"it-security-incidents-in-the-education-sector","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/it-security-incidents-in-the-education-sector\/14881\/","title":{"rendered":"IT Security Incidents in the Education Sector"},"content":{"rendered":"<p>Contemporary educational institutions in the US are now as computerized as any corporation or government agency and, in the case of technologically oriented universities, sometimes to an even greater extent. Educational organizations that process personal data in digital form are therefore confronted with the same security problems companies and governmental agencies experience. This article will examine some recent security incidents and their causes.<\/p>\n<p>One of the most sensational <a href=\"http:\/\/www.komonews.com\/news\/local\/Lake-Washington-schools-dealing-with-nasty-virus----a-computer-virus-181089371.html\" target=\"_blank\" rel=\"noopener nofollow\">stories<\/a> took place in the Lake Washington School District. In the fall of 2012, the computer virus Goblin (<a href=\"http:\/\/www.securelist.com\/en\/descriptions\/12288881\/Virus.Win32.Goblin.gen\" target=\"_blank\" rel=\"noopener nofollow\">Virus.Win32.Goblin.gen<\/a>) simultaneously struck a large number of schools\u2019 computers. Because it was just a virus, it did not spread via networks like a worm would do. Rather, it was a polymorphic file infector, which resided in shared sources and infected files with extensions .exe, .dll and .scr (screensavers). 
Moreover, it tried to download other malicious software from the Internet and tried to transfer some data from infected computers to a remote server.<\/p>\n<p>It was a seemingly unremarkable kind of malware, but it infected 25,000 computers in all 50 schools of the district in the vicinity of Redmond, Washington, which is home to Microsoft\u2019s headquarters. Many Microsoft employees\u2019 children go to those schools, bringing the problem to the backyard of Windows developers.<\/p>\n<p>This was a preventable IT incident too. In 2012, when the Lake Washington School District distributed laptops to all students for use at home and in the classroom, no one thought to include anti-malware protection on these computers. <i>After<\/i> the virus was discovered and the infection had spread, a school district spokesperson said that antivirus software and firewalls were enabled on all the computers.<\/p>\n<p>A similar case, on a smaller scale, occurred in April 2013 in the Salem School District in New Hampshire. The worm \u201cof an unknown origin\u201d infected the district\u2019s 85 servers and almost brought down the local Internet channels.<\/p>\n<p>Again, the local official was interviewed <i>after<\/i> the malware was discovered: \u201cAt the moment we are installing an antivirus and then we are going to check all workstations separately.\u201d<\/p>\n<p>In addition to viruses and other malware, educational institutions are subject to attacks both from outside and inside.<\/p>\n<p>In the fall of 2012, a \u201chacktivist\u201d group named <a href=\"http:\/\/www.zdnet.com\/ghostshell-university-hack-by-the-numbers-7000005194\/\" target=\"_blank\" rel=\"noopener nofollow\">GhostShell published 120,000 disparate data sets<\/a>, stolen from the databases of major universities. The \u201chacktivists\u201d had paid unwelcome visits to the universities\u2019 servers while running a \u201ccampaign\u201d under the name Project Westwind. 
The information this group published included 36,623 unique email addresses, the names of tens of thousands of students, faculty, and staff; and thousands of log-ins, unencrypted passwords, addresses, phone numbers, and very personal gender, date of birth, nationality, ethnicity, and civil status data. Fortunately, credit card numbers and social security numbers were not included in the published information.<\/p>\n<p>What did GhostShell want? They pointed out that their \u201ccampaign\u201d resulted from \u201c(inflated) tuition fees, political bias, rigid tutorial rules and unclear employment prospects for graduates,\u201d and claimed to be fighting for the good of people by means of SQL injections.<\/p>\n<p>In January 2013, <a href=\"http:\/\/www.esecurityplanet.com\/hackers\/mississippi-state-university-hacked.html\" target=\"_blank\" rel=\"noopener nofollow\">Mississippi State University (MSU) was the victim of a cyberattack<\/a>. It\u2019s widely believed that the attack was launched by a hacker named Gevolus, of the Brazilian Cyber Army. 
The attack resulted in the publication of passwords, addresses and emails of more than 500 students and teachers, as well as confidential admissions information.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2013\/07\/06015802\/msuniver.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-896\" alt=\"msuniver\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2013\/07\/06015802\/msuniver.jpg\" width=\"800\" height=\"170\"><\/a><\/p>\n<p>Apparently, Gevolus was simply demonstrating his cybercriminal abilities because there was no clear cause for his activities.<\/p>\n<p>In May of this year, <a href=\"http:\/\/www.chicoer.com\/breakingnews\/ci_23252226\/chico-schools-fight-off-cyber-attack\" target=\"_blank\" rel=\"noopener nofollow\">the Chico Unified School District was hit by a DDoS attack<\/a>, using computers in China, Europe, and the US. What made the cyberattack even more powerful was the fact that the same weblink was used by several government agencies, causing them to lose their Internet access for three days. Administrators of the school district network changed the web address and engaged the broader uplink, but the attacks soon resumed. Apparently, the servers were eventually transferred to an enclosed infrastructure and the criminals responsible for the Chico attack are still unidentified. Unfortunately, there are online instructions about organizing DDoS attacks, and there are offers to rent the appropriate power for these criminal activities, making unprotected schools particularly vulnerable to attack.<\/p>\n<p>In June 2013, <a href=\"http:\/\/www.businessinsider.com\/purdue-university-students-charged-with-hacking-2013-6\" target=\"_blank\" rel=\"noopener nofollow\">three former students infiltrated Purdue University\u2019s servers<\/a> with a very clear intention: they wanted to change their grades. 
In this incident, the servers were attacked in a new way. The cybercriminals swapped the authorized teachers\u2019 keyboards for identical ones with hardware keyloggers installed.<\/p>\n<p><a href=\"http:\/\/www.reddit.com\/r\/sysadmin\/comments\/118dam\/just_got_dropped_in_way_over_my_head_im_now_the\/\" target=\"_blank\" rel=\"noopener nofollow\">Less than a year ago, Reddit published a plea from an overwhelmed student system administrator<\/a>. Apparently, after the departure of his former leader, this young student was entrusted with the management of the infrastructure of a small US college. The author described his hardware and software as a real patchwork that included a few dozen computers with Windows XP Home Edition and a couple of Vista platforms. Some desktops were more than ten years old and they were administered locally by two CentOS virtual machines acting as servers from the same Dell desktop. The author tried, unsuccessfully, to persuade his authorities to choose Google Drive as a more effective option. He also wrote about the complete lack of backup, as the former system administrator (who worked part-time) kept copies of the system in his off-campus office. 
Despite these serious challenges, the school administration was seriously considering the introduction of a Bring Your Own Device (BYOD) policy.<\/p>\n<p>After reading the post, half the commenters strongly <a href=\"http:\/\/www.reddit.com\/r\/sysadmin\/comments\/118dam\/just_got_dropped_in_way_over_my_head_im_now_the\/c6k7s5u\" target=\"_blank\" rel=\"noopener nofollow\">advised the individual to flee<\/a> as soon as possible to avoid being blamed when something finally failed.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2013\/07\/06015801\/minefield.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-897\" alt=\"minefield\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2013\/07\/06015801\/minefield.jpg\" width=\"800\" height=\"499\"><\/a><\/p>\n<p>However, the other half of the commenters provided competent and <a href=\"http:\/\/www.reddit.com\/r\/sysadmin\/comments\/118dam\/just_got_dropped_in_way_over_my_head_im_now_the\/c6kfjyd\" target=\"_blank\" rel=\"noopener nofollow\">sometimes extremely witty pieces of advice<\/a>. One commenter noted: \u201cI spent the last 3 years digging over 20 schools out of the same situations.\u201d<\/p>\n<p>Viruses, break-ins, internal sabotage, DDoS attacks, and lack of resources: these few examples illustrate how educational institutions experience the same troubles faced by corporations and government offices, and then some. At the same time, these stories demonstrate the lack of appropriate IT security as well. 
Although there is little in the world to stop a crafty slacker from keylogging his professor\u2019s computer, the damage caused by viruses, worms, and exploitable vulnerabilities in the server is completely preventable if educational institutions invest in cyberprotection.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Contemporary educational institutions in the US are now as computerized as any corporation or government agency and, in the case of technologically oriented universities, sometimes to an even greater extent.<\/p>\n","protected":false},"author":209,"featured_media":16434,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[2038,422,2037],"class_list":{"0":"post-14881","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-education-sector-seucirty","10":"tag-threats","11":"tag-vulnerability-assessment"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/it-security-incidents-in-the-education-sector\/14881\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/it-security-incidents-in-the-education-sector\/14881\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/it-security-incidents-in-the-education-sector\/14881\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/education-sector-seucirty\/","name":"Education Sector 
Seucirty"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/14881","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=14881"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/14881\/revisions"}],"predecessor-version":[{"id":25419,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/14881\/revisions\/25419"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/16434"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=14881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=14881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=14881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}