Nov 03 2022

Cybercriminals Are Attacking Networks Using Cloud Storage Services

Here’s how K–12 schools can protect themselves from this new attack vector.

Bad actors are constantly evolving their attack vectors, looking for new ways to enter systems undetected. Now, hackers are exploiting cloud storage services to infiltrate networks and hide their attacks. Through phishing emails, they’re targeting cloud applications such as Google Drive and Dropbox. Once inside the system, these malicious parties can access sensitive data stored in their targets’ systems.

Many K–12 districts rely on cloud applications such as Google Workspace to facilitate learning. As a result, school IT teams must remain vigilant about updating security solutions and training. Here’s how schools can protect staff and students from these new attacks:

Train K–12 Educators to Spot Attacks

With bad actors targeting cloud applications via phishing emails, cybersecurity training must cover how to recognize and avoid these messages.

Start by informing educators of basic red flags to look for in emails:

  • District’s name is misspelled
  • Sender’s domain is generic instead of the district address
  • Generic greetings don’t address the recipient by name
  • Message is filled with spelling or syntax errors
  • Footers include links to vendors that aren’t district-approved

Fight Against “Consent Phishing” with Targeted Security Training

Training needs to focus specifically on the types of phishing emails these hackers frequently send to K–12 school districts. Hackers often target schools with a strategy known as “consent phishing,” in which bad actors trick school faculty into granting permissions to malicious cloud apps, which then gain access to the user’s legitimate cloud services. This differs from traditional phishing, which involves hackers crafting convincing emails that lead to fake landing pages where users enter sensitive information.

With consent phishing, user sign-in takes place at a legitimate identity provider, rather than a fake sign-in page. Educators need to be aware of the applications within their school’s ecosystem, and system administrators need to be aware of and evaluate consent requests.

“Consent phishing attacks are a specialized form of phishing, so they require a comprehensive, multi-layer defense,” notes one Microsoft blog.

Cloud Security Tools and Practices K–12 Schools Need

The first layer of defense should include multifactor authentication and identity management solutions, which require a user to provide an ID, a password and a third identifier, such as a badge or a biometric marker, to access the network. However, MFA alone may not be enough to keep schools protected.

Employees should be trained regularly on the latest threats, and schools may do well to give system administrators control of third-party app permissions and approvals.
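One way an administrator could review third-party app grants for signs of consent phishing, shown as an added example that is not part of the original article. The field names follow the Google Admin SDK Directory API tokens resource; the sample records, client IDs, allowlist and the set of scopes treated as high risk are constructed assumptions.

```python
# Added example: review third-party OAuth grants for unapproved, high-access apps.
# Records, client IDs, allowlist and the risky-scope set are constructed assumptions.

HIGH_RISK_SCOPES = {  # scopes granting broad mail or file access (policy choice)
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
}
APPROVED_CLIENT_IDS = {"1111-lms.apps.example"}  # apps the district has vetted

SAMPLE_GRANTS = [  # constructed; field names follow the Directory API tokens resource
    {"userKey": "teacher1@district.example", "clientId": "1111-lms.apps.example",
     "displayText": "District LMS",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "teacher2@district.example", "clientId": "2222-unknown.apps.example",
     "displayText": "Grade Export Helper",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/userinfo.email"]},
    {"userKey": "student3@district.example", "clientId": "3333-unknown.apps.example",
     "displayText": "Quiz Game",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
]

def review_grants(grants, approved=APPROVED_CLIENT_IDS, risky=HIGH_RISK_SCOPES):
    """Return one finding per grant to an unapproved app, high severity first."""
    findings = []
    for grant in grants:
        if grant["clientId"] in approved:
            continue  # vetted app: nothing to report
        hits = sorted(set(grant.get("scopes", [])) & risky)
        findings.append({
            "user": grant["userKey"],
            "app": grant["displayText"],
            "clientId": grant["clientId"],
            "severity": "high" if hits else "review",
            "risky_scopes": hits,
        })
    findings.sort(key=lambda f: (f["severity"] != "high", f["user"]))
    return findings

if __name__ == "__main__":
    for f in review_grants(SAMPLE_GRANTS):
        print(f"{f['severity']:6} {f['user']} -> {f['app']} {f['risky_scopes']}")
```

A "high" finding means an app the district never approved holds mail or file access on a user's behalf, which is the outcome consent phishing aims for; "review" findings are unapproved apps with narrower access.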

Schools would benefit from implementing a zero-trust security framework that operates on the premise that every interaction or transaction begins in an untrusted state. Zero trust requires that all users be authenticated, authorized and continuously validated for security configuration and posture before being granted or maintaining access to applications and data.

Schools that use Google Workspace have built-in cloud security, including identity and access management tools and a security alert center that notifies administrators of potential issues. Workspace also includes Vault, an information governance tool that lets admins retain, hold, search and export users’ Google Workspace data.

Organizations such as Unit 42 by Palo Alto Networks have sounded the alarm on security risks to cloud applications, offering products and services designed to mitigate potential issues. The organization’s advanced URL filtering services are designed to automatically detect and prevent new malicious and targeted web-based threats.

External audits of the school’s security policy should be part of the plan to protect users from consent phishing. Districts can bolster their cybersecurity policies by adopting cloud security posture management solutions, which provide governance, risk management and compliance capabilities for cloud environments. CDW’s CSPM tools can examine an organization’s security configuration, then work to find gaps in protection by comparing against security frameworks such as the National Institute of Standards and Technology Cybersecurity Framework.
