Education sector - what in the world of cyber should you be aware of?

Education institutions are key targets for cyber criminals, so here's a summary of what has been happening recently in the East of England and further afield.

Mass phishing campaign seen

Schools are reporting an increase in phishing emails, with one campaign targeting all staff within the school. The email looks like an invoice from a company; however, it redirects to a fake Microsoft login page in the hope that staff will enter their password.


Actions taken by the schools

 

New malware tactic using Microsoft Teams

Email security company Avanan advised that they are seeing an increasing number of attempts by threat actors to spread malware files via Microsoft Teams chats. Threat actors are using traditional phishing techniques to compromise user O365 accounts, before spreading malware across organisations via Teams chats by replying to existing chats and sharing trojanised executable files designed to take over computers. The executable file was named UserCentric.exe.


Potential mitigation

  • Staff need to be made aware of this as a new and emerging threat, and that they should exercise caution when receiving any shared files in Teams from external organisations, especially from historical chat threads.

  • Organisations could also consider using AppLocker to block executable files from running from folders that Teams downloads files to. For example, if the default download location is the Documents folder, then consider blocking executable files from running in this folder.
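
One way to express the AppLocker suggestion above in PowerShell, added here as an example and not taken from the article or from Avanan: it builds an audit-only policy that denies executables in each user's Documents folder and dry-runs it with Test-AppLockerPolicy. The rule names, file names and the choice of Documents as the download folder are assumptions.

```powershell
# Assumption from the article's example: Teams saves shared files to Documents.
# AppLocker has no %USERPROFILE% variable, so per-user folders are written as %OSDRIVE%\Users\*.
$blockedPath = '%OSDRIVE%\Users\*\Documents\*'

# Once an Exe rule collection holds any rule, everything not explicitly allowed is blocked,
# so a deny rule alone would stop all executables. Deny rules override allow rules.
# The allow-all rule keeps this example self-contained; when merging into a policy that
# already has allow rules (e.g. the AppLocker default rules), remove it.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Example: allow all other executables"
        Description="Constructed example rule" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Example: deny executables in Documents"
        Description="Constructed example rule" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="$blockedPath" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
$policyFile = Join-Path $env:TEMP 'applocker-teams-example.xml'   # hypothetical file name
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Dry run: copy a harmless system binary into the real Documents folder and ask AppLocker
# what this policy would decide. The decision for the probe shows whether $blockedPath
# really covers the folder (Documents can be redirected, e.g. into OneDrive or to a share).
$probe = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'applocker-probe.exe'
Copy-Item -Path "$env:WINDIR\System32\whoami.exe" -Destination $probe
try {
    Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone `
        -Path $probe, "$env:WINDIR\System32\whoami.exe" |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
} finally {
    Remove-Item -Path $probe
}

# To deploy in audit mode (elevated prompt; Application Identity service must be running):
#   Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
# Review "would have been blocked" events (ID 8003) in the
# Microsoft-Windows-AppLocker/EXE and DLL log before switching EnforcementMode to "Enabled".
```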

 

Police CyberAlarm

Police CyberAlarm is showing that schools are consistently being targeted, with one school having over 20 million suspicious incoming connections. But being aware means that you can put mitigation into place.


What is Police CyberAlarm?

Police CyberAlarm is a free tool to help your business understand and monitor malicious cyber activity. Police CyberAlarm acts like a "CCTV camera" monitoring the traffic seen by a member's connection to the internet. It will detect and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. Find out more here: Police CyberAlarm | The Eastern Cyber Resilience Centre (ecrcentre.co.uk)

 

War in Ukraine

All organisations need to be aware of the heightened risk to UK institutions due to the conflict in Ukraine.


It is well known that Ukraine is being attacked both physically and in cyberspace, with DDoS and malware attacks. The malware is of particular concern, as it is a wiper variant. This means that if your systems get infected, the data on them is deleted. In the case of a ransomware attack, there might have been a potential to pay for the data to be recovered; with a wiper, there is no second chance.


Actions

 

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.


You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.


We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
