1140 3rd St. NE, Suite 340
Washington, DC 20002
(202) 570-7907
Copyright 2024 Adlumin, Inc. All Rights Reserved
Learn about cybersecurity best practices including guidelines, procedures, and proactive measures designed to protect digital systems, data, and networks from potential cyber threats.
Schools are Prime Targets for Cybercriminals: What Can They Do?
By: Brittany Demendi, Corporate Communications Manager
The U.S Government Accountability Office has warned K-12 and higher education school districts that they are considered an increasingly popular target for cybercriminals. The industry remains a prime target for reasons that range from the wealth of student and employee personal data to lagging cybersecurity processes and measures.
Last year, Infrastructure Investment and Jobs Act allocated $1 billion in federal grants to improve state and local government security between 2022 and 2025. States must match a certain amount of grants. Still, to secure funds, they must submit their plan to the Cybersecurity and Infrastructure Security Agency (CISA) with a statewide planning committee. This level of government involvement shows the risks the education industry is under while cyber attacks are still increasing.
Just last month, Alabama’s third-largest school system’s network was shut down after a ransomware attack, and as of recently, there is no sure timeline for when normalcy is returning. Teachers are back to grading with pen and paper, and the school has no internet. This recent attack is not an isolated incident. Adlumin’s Managed Detection and Response (MDR) Team also sees multiple attacks within the education industry and has remediated any threats and intrusions to get schools back to normal.
Recent Cyberattacks on the Education Industry
Adlumin’s Managed Detection and Response Team received three high-severity alerts for logins from a foreign country. The detections were immediately escalated for an investigation to determine why one of the three accounts was experiencing a high volume of failed access events. This could’ve indicated a brute-force attack, authentication malfunctions, or an account malfunction.
Additionally, the other two accounts were accessed from a first-try logon. Within one minute after successful access, lateral movement began. This means that the attacker already had access to the accounts. Adlumin’s Managed Detection and Response Team implemented a network block on the IP address and isolated the known compromised host. To further their investigation, the team conducted a 30-day search for the techniques and indicators of compromise (IOCs).
This was not seen as an isolated incident as the education industry is being targeted nationally, hence why there is government involvement in enhanced cybersecurity plans.
Trending Lateral Movement in the Education Industry
The most alarming aspect of the recent attack was that the cybercriminal already had account access and could log in within one try. The cybercriminal began lateral movement within one minute of access, a trend the team has been seeing within this industry.
To further understand the severity of this attack, we are breaking down lateral movement:
What is Lateral Movement?
Lateral movement is a technique adversaries use after compromising an account or endpoint. It extends access to other applications or hosts in an organization. This technique helps cybercriminals maintain persistence within a network, moving closer to the golden nuggets they are truly after. In severe cases, it can also allow cyber criminals to gain control of an administrator’s account and its associated data and privileges.
A cybercriminal’s main goal is to remain undetected within an environment for as long as possible while moving toward sensitive or valuable data to exfiltrate or destroy it. After the initial break-in, the cybercriminal can easily learn the network anatomy, move laterally by accessing sensitive data through different systems and steal credentials.
Lateral movement is ideal for cybercriminals who want to stay under the radar, which is why this technique is chosen over malware or other exploits that will trigger an alarm. Detecting lateral movement is extremely difficult via prevention controls to block automatically. The more time passes, the more damage is done, resulting in greater recovery costs and investigation.
Stopping Attacks with Managed Detection and Response Services
Managed Detection and Response Services paired with a Security Operations Platform are uniquely designed to identify attackers accurately and quickly as they move through an organization’s compromised network. With these services, detections developed by threat research and data science spot emerging attacker tactics, with machine learning, it catches anomalous behavior unique to any environment.
In this particular incident, Adlumin’s Managed Detection and Response team blocked the threats on the education organizations quickly due to escalated alerts. In addition, working with the organization, they documented and provided step-by-step investigation details, offering 100% visibility.
Stopping Lateral Movement with Adlumin’s Managed Detection and Response Services
Adlumin’s Managed Detection and Response Services provide the premier command center for security operations to stop cyber threats, eliminate vulnerabilities and take command of sprawling IT operations. The education industry relies on Adlumin for solutions before cybercriminals disrupt classrooms and academic programs shutting down operations for weeks. Adlumin enables you to extend defensive capabilities beyond firewalls and security devices while gaining comprehensive visibility into your network.
Learn more about how Adlumin’s Managed Detection and Response Services and Security Operations Platform can empower your team to illuminate threats, eliminate cyber risk, and command authority. Contact us today, schedule a demo, or sign-up for a free trial.
The Ultimate Guide to Managing Strong Personalities During a Cyber Crisis
The Ultimate Guide to Managing Strong Personalities During a Cyber Crisis
In a cyber crisis, who makes the decisions: The senior person? The technical expert? The self-appointed hero? When it comes to effective crisis leadership, removing emotion is critical. Yet our human biases, office politics, and perceived personal fears often influence or derail sound decision-making. Stress impacts every person differently, making it essential to learn how to identify and harness each type during a cyber crisis.
The Ultimate Guide to Managing Strong Personalities During a Cyber Crisis
Learn how to manage strong personalities during a cyber crisis with ‘The Ultimate Guide to Managing Strong Personalities During a Cyber Crisis’ Guide. Discover how to identify and harness each type of person, remove emotion from decision-making, and overcome biases and office politics.
4 Cybersecurity Best Practices for Financial Institutions
Targets for cybercriminals are chosen based on two conditions: impact and profit. Financial institutions meet both requirements while offering various profit paths through theft, fraud, multi-channel extortion, and ideological impact. Malware and data breaches lead the charge, and incident costs continue to rise. Security Magazine reports that 75% of data breaches in 2019 were all within the financial services industry. While other industries are in the criminal crosshairs, the Willie Sutton idiom holds firm stating that people rob banks because that’s where the money is. Security Magazine also highlighted the magnitude of financial institutions not being equipped to protect their adapting IT environments: migration to cloud-based services, mobile and bring your own device (BYOD), and remote workers. For example, Capital One and Discover each experienced their fourth significant data breach in 2019.
To avoid becoming another victimized financial institution, below are a few suggested cybersecurity best practices to safeguard your business:
- Mitigate Risk Associated with Third-Party Vendors
Financial institutions rely heavily on third-party vendors to facilitate operations and extend new service offerings and ways of engaging new customers. While customer-facing services appear seamless under a united banking brand, operations are comprised of multiple organizations of varying security capabilities. A failure or compromise in one of the links of the vendor chain leads to reputational damage to the bank’s brand rather than the invisible vendor behind the curtain. In other words, the cyber risk resides with the bank.
Cashless and frictionless financial services are in high demand. Consumers access funds and payments through mobile apps they assume are secure. The organization that owns the consumer relationship must audit its vendors, mitigate associated exposure and build a plan to respond to incidents before they affect consumers.
The ever-evolving threat landscape, daily publication of vendor vulnerabilities, and growing compliance demands make vendor management challenging. Here are a few key guidelines:
Minimize third-party risk by:
- Conduct a risk assessment and establish minimum security guidelines with each partner.
- Limit vendor access to crucial assets. For example, marketing services should access customer contact information, not core banking data.
- Communicate your compliance requirements and align security programs to protect your customers.
- Establish security event and incident protocols and notification requirements.
- Monitoring your network using threat detection and automated solutions.
The New York Department of Financial Services (NYDFS) published the Cybersecurity Rules and Regulations (NYCRR500), which includes practical guidelines to secure third-party risk (section 11).
- Stay Up to Date with Compliance Regulations
As we have touched on in a previous blog post, compliance is constantly evolving in response to emerging threats. The financial sector is not immune to this change. Keeping up with the latest regulations is essential to ensure credibility and avoid costly investigations and penalties. The goal is to be compliant, regardless of the industry’s ever-changing landscape. Shifting this burden from your internal team to a third-party vendor can help ensure your financial institution achieves compliance.
In addition to existing regulations in the last two years, the financial sector has implemented a few new ones. Any financial institution is at risk of a cyberattack. Regardless of company size, data breaches snowball into complicated situations. They can cripple an organization and end in legal proceedings or disputes that take years to resolve. Meeting cybersecurity compliance standards mitigates risk and the havoc that comes with it.
- Make Your Employees Part of Your Defenses
The majority of data breaches or massive ransomware outages start with social engineering and clever phishing campaigns. Frequent cybersecurity testing awareness training provides context and the skills to identify suspicious communications and emails before your employees become unwitting accomplices by clicking dangerous or downloading infected documents.
Like cyber threats, awareness training must evolve. Training is about empowering, not punishing. It does not identify the “Ten Commandments of IT” but to understand how criminals target them and how to identify their calling cards. Covering multiple forms of campaigns like texting and fake IT calls is important, but phishing remains the primary vector.
“In 2021, 83% of organizations reported experiencing phishing attacks. In 2022, an additional six billion attacks are expected to occur,” according to Cyber Talk. Phishing attacks are a top concern for IT decision-makers, so training employees should be at the top of the priority list.
Your employees are the first line of defense against most threats, including phishing scams. Employees across all departments within your company need to be equipped with the proper knowledge of spotting a phishing scam and reporting it.
- Implement Continuous Threat Monitoring
In 2016, a cybercriminal wired themselves $81 million in a Bangladesh Bank heist, using the SWIFT banking network in only a couple of hours. This is a perfect example of how imperative it is to have 24/7 surveillance across your entire IT landscape. The quicker you can identify and eliminate a potential threat, the better off you will be in the long run—early detection is essential.
Financial institutions typically use a 24/7 Security Operations Center (SOC) service to enhance threat detection and response times by continuously scanning your network and host for vulnerabilities. Hiring third-party experts is the most cost-effective solution for securing customers and their transactions. When financial institutions carry the heavy burden of protecting their clients, it is best to proactively work with managed security services built to discover threats and command action.
Additional Resources:
- For more information and tips on cybersecurity, visit Adlumin’s Cyber Blog.
- Request a demo with an Adlumin cybersecurity expert if you are ready to get started.