The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center, recently released a Joint Cybersecurity Advisory warning that cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions. The advisory noted that the malicious attacks are resulting in ransomware, data theft, and distance learning service disruptions. The advisory also warns that the attacks are expected to continue through the 2020/2021 academic year.
Not surprisingly, social engineering continues to be an effective method for obtaining authentication credentials. Examples noted in the advisory, and which our lawyers see when assisting clients who have experienced a data breach, include phishing for credentials and using misspelled domain names to trick well-meaning employees. Exploiting exposed Remote Desk Protocol services is another frequently used attack vector. The advisory concludes with some helpful information concerning best practices to mitigate the noted risks, and those are worth a read – especially by individuals with primary responsibility for protecting systems and data in their organization.
Working at the intersection of cybersecurity and technology, our Cybersecurity and Technology team has the in-depth knowledge and experience to help you identify and address vulnerabilities, reduce your risks, and ensure compliance with applicable laws. Whether you seek legal guidance that helps you proactively protect your business or organization, or you need an experienced and steady hand to guide you through a data breach or cybersecurity crisis, we stand ready to help.