Many districts are still looking for ways to combat these sophisticated cyberattacks, which aim to shut down their school networks.
What Is a Denial of Service Attack, and How Does It Affect K–12 Institutions?
A denial of service attack is a cyberattack in which the attacker floods the target system with requests in order to grind its activity to a halt.
“Imagine I take a fistful of $100 bills and go to Times Square, and I stand in the middle of traffic and throw them into the air. What do you think is going to happen? Everything stops,” says Sven Dietrich, IEEE member and a professor at New York’s Hunter College. “The same can happen in a network environment: A web server, a file server, an authentication server, those are no longer performing their activities as originally planned.”
A distributed denial-of-service attack “comes from multiple locations, which makes it harder to block and therefore more effective at flooding systems or networks,” says Amy McLaughlin, cybersecurity program director for the Consortium for School Networking. “When these attacks are used against schools and districts, students and teachers cannot access the systems and do their daily business of teaching and learning.”
One of the challenges is that these types of attacks “can be purchased relatively inexpensively as a service,” McLaughlin says.
$5: The minimum cost, per hour, to purchase a DDoS attack online
Source: imperva.com, “Cheap and nasty: How for $100, low-skilled ransom DDoS extortionists can cripple your business,” Sept. 1, 2021
What Systems Are Targeted in a DDoS Attack Against K–12 Schools?
Attackers target critical network assets in a DDoS attack, with the goal of shutting down operations. They can, for example, focus their efforts on school accounting systems or learning management systems. In most cases, though, they will aim to disable the entire network.
“They typically target the network because if you can target the network itself, then you take down access to every system on the network,” McLaughlin says. “You could go after the learning management systems or the student information system, but most attacks will just go for the whole network.”
Often, the goal of these cyberattacks is to cause disruption rather than to steal data. And while data theft may not be the inciting factor, the disruption could still cost an institution a lot of money, according to a Mimecast article.
In some instances, the DDoS attacks may also serve as a distraction from other cybercrime. As a school directs its limited resources to restore the network, cybercriminals could be working in the background to hack other systems.
How Can K–12 IT Teams Prevent a DDoS Attack?
Schools can use network redundancy and firewalls to defend against DDoS attacks.
Network redundancy allows IT teams to redirect traffic when networks are overwhelmed by an attempted DDoS attack.
“What you need is a backup site students can connect to in case the network pipe leading to the school is clogged,” Dietrich says. “You can do this at the Domain Name System level, meaning at the lookup level. You can do it at the network management level. You can redirect things.”
Districts can also work with their internet service providers, many of whom offer monitoring services, to watch for and block these types of attacks.
“Another strategy is to invest in next-generation firewalls that can monitor traffic and look for patterns of denial of service attacks coming in and block them at firewall level,” McLaughlin says. “Intrusion detection or intrusion prevention systems can also trigger an alert if they see an escalation in traffic you’re not anticipating.”
While the federal government’s E-rate funding doesn’t cover these types of cyberdefenses, CoSN is advocating to expand the program to that end.
How Can Schools Recover from a DDoS Attack?
There are many ways system administrators can restore network functionality after a DDoS attack. If the district doesn’t have redundant or fallback network capabilities, an admin “can give the school district DNS a new IP address,” Dietrich says. “These are things a good network manager will know how to do.”
“Schools need to contact the internet service provider right away and get their assistance” when they notice an attack, McLaughlin says. “A lot of them offer a one-time block that they can just turn on for you.”
“You can also look at your firewalls, using those to block the source connections — the IP addresses that are flooding your network,” she adds.
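The two firewall-side ideas quoted above, alerting on an escalation in traffic that was not anticipated and identifying the source addresses doing the flooding, can be sketched as follows. This is an added example, not part of the original article; the log format, the 5x threshold and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed log format (constructed for this example, not any vendor's):
#   2024-03-04T09:00:12Z SRC=198.51.100.7 DST=192.0.2.10 DPT=443
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d):\d\dZ SRC=(\S+) DST=\S+ DPT=\d+$")

def per_minute_sources(lines):
    """Group connection counts by minute and source IP; skip malformed lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            buckets[m.group(1)][m.group(2)] += 1
    return buckets

def find_escalations(lines, factor=5, min_history=3, top_n=3):
    """Flag minutes whose volume exceeds factor x the median of earlier normal minutes."""
    alerts, history = [], []
    buckets = per_minute_sources(lines)
    for minute in sorted(buckets):
        total = sum(buckets[minute].values())
        if len(history) >= min_history and total > factor * median(history):
            top = [ip for ip, _ in buckets[minute].most_common(top_n)]
            alerts.append({"minute": minute, "total": total,
                           "baseline": median(history), "top_sources": top})
        else:
            history.append(total)  # only normal minutes feed the baseline
    return alerts

def constructed_sample():
    """Constructed traffic: three quiet minutes, then a flood from three sources."""
    lines = []
    for minute in range(3):
        for sec in range(10):
            lines.append(f"2024-03-04T09:0{minute}:{sec:02d}Z "
                         f"SRC=198.51.100.{sec + 1} DST=192.0.2.10 DPT=443")
    for i in range(300):
        src = f"203.0.113.{i % 3 + 1}" if i < 270 else f"198.51.100.{i % 10 + 1}"
        lines.append(f"2024-03-04T09:03:{i % 60:02d}Z SRC={src} DST=192.0.2.10 DPT=443")
    lines.append("garbage line that the parser must ignore")
    return lines

if __name__ == "__main__":
    for alert in find_escalations(constructed_sample()):
        print(alert)
```

The `top_sources` list is a starting point for a firewall block or for the call to the internet service provider; in a widely distributed attack it will cover only a fraction of the flood, which is why the upstream block matters.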
It’s also important to have a strong communication plan in place. While easily overlooked, it can add immense value to a district’s incident response plan.
“You’re going to get a bunch of people contacting you all at once to tell you that everything’s down,” McLaughlin says. “Without a good communication plan, the people responsible for getting everything working again are going to be busy trying to answer those calls. You need to have somebody in place to just give a consistent message: ‘Thank you, we are aware and we are working on this right away.’”