Education Top Sector Hit by Trojans

digital trojan horse

The openness of education networks poses the sector's greatest cybersecurity threat, according to a company that produces anti-malware software. According to a new analysis of its customer data, Malwarebytes has found that the education sector was the largest target for adware and trojans, and second among verticals for being hit with ransomware. Forty-three percent of threats on education devices were identified as adware, 25 percent as trojans and 3 percent as backdoors.

The analysis was done between January and June 2019 on devices identified as being in education settings around the world and running Malwarebytes' on-premise programs and cloud services. While the focus was on findings for the first half of 2019, the company also examined data collected in 2018 to understand the threat landscape of the 2018-2019 school year.

In the area of adware, the most common adware families detected were SearchEncrypt, Spigot and IronCore. Together these comprised about 15 percent of the threats detected. The company considered the first two of those "relatively minor compromises."

The bigger concern was trojans. And according to the analysis, more than one in three compromises were detected on devices plugging in as a guest on the network. Trojans across all industries were on the rise last year, up 132 percent from the previous year. In education specifically, trojans represented nearly 30 percent of all detections in devices owned by schools. Also, the company reported, 33 percent of non-institution-owned devices carried trojans; in the United States specifically the share was 27 percent.

The most common trojans detected were Emotet, TrickBot and Trace, making up more than 11 percent of all compromises.

Emotet appeared to be even more pervasive among non-institution-owned devices (14 percent) than those owned by the institution (5 percent).

TrickBot for its part uses EternalBlue, one of the SMB vulnerabilities leaked by the ShadowBrokers Group last year, to exploit unpatched systems. Infected machines attempt to spread TrickBot laterally via brute force of domain credentials." TrickBot, which represented almost 6 percent of all identified compromises in education, was described by Malwarebytes as a "nasty information stealer that can download components for specific malicious operations, such as keylogging and lateral movement within a network."

The company warned that these two trojans "may be even more pervasive than the metrics indicate." If its own technology didn't stop certain activities in their tracks, the counts could be doubled. Those include flagging malicious PDF or Office documents containing hidden scripts that have been opened or a manual script such as PowerShell that has been activated. "If these detections were, indeed, the result of further attempts at spreading Emotet or TrickBot, then Trojan detections may actually represent up to 40 percent of all detections in the industry," the company noted.

"Because of their network-hopping use of brute force attacks and use of exploits, education is particularly vulnerable to these particular attacks, due to the huge volume of guest devices connecting to their networks," the company concluded.

For more detail, visit the Malwarebyte blog.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • AI microchip under cybersecurity attack, surrounded by symbols of threats like a skull, spider, lock, and warning shield

    Report Finds Agentic AI Protocol Vulnerable to Cyber Attacks

    A new report from Backslash Security has identified significant security vulnerabilities in the Model Context Protocol (MCP), technology introduced by Anthropic in November 2024 to facilitate communication between AI agents and external tools.

  • student reading a book with a brain, a protective hand, a computer monitor showing education icons, gears, and leaves

    4 Steps to Responsible AI Implementation in Education

    Researchers at the University of Kansas Center for Innovation, Design & Digital Learning (CIDDL) have published a new framework for the responsible implementation of artificial intelligence at all levels of education, from preschool through higher education.

  • teen studying with smartphone and laptop

    OpenAI Developing Teen Version of ChatGPT with Parental Controls

    OpenAI has announced it is developing a separate version of ChatGPT for teenagers and will use an age-prediction system to steer users under 18 away from the standard product, as U.S. lawmakers and regulators intensify scrutiny of chatbot risks to minors.

  • ClassVR headsets

    Avantis Education Launches New Headsets for ClassVR Solution

    Avantis Education recently introduced two new headsets for its flagship educational VR/AR solution, ClassVR. According to a news release, the Xcelerate and Xplorer headsets expand the company’s offerings into higher education while continuing to meet the evolving needs of K–12 users.