Education Top Sector Hit by Trojans

digital trojan horse

The openness of education networks poses the sector's greatest cybersecurity threat, according to a company that produces anti-malware software. According to a new analysis of its customer data, Malwarebytes has found that the education sector was the largest target for adware and trojans, and second among verticals for being hit with ransomware. Forty-three percent of threats on education devices were identified as adware, 25 percent as trojans and 3 percent as backdoors.

The analysis was done between January and June 2019 on devices identified as being in education settings around the world and running Malwarebytes' on-premise programs and cloud services. While the focus was on findings for the first half of 2019, the company also examined data collected in 2018 to understand the threat landscape of the 2018-2019 school year.

In the area of adware, the most common adware families detected were SearchEncrypt, Spigot and IronCore. Together these comprised about 15 percent of the threats detected. The company considered the first two of those "relatively minor compromises."

The bigger concern was trojans. And according to the analysis, more than one in three compromises were detected on devices plugging in as a guest on the network. Trojans across all industries were on the rise last year, up 132 percent from the previous year. In education specifically, trojans represented nearly 30 percent of all detections in devices owned by schools. Also, the company reported, 33 percent of non-institution-owned devices carried trojans; in the United States specifically the share was 27 percent.

The most common trojans detected were Emotet, TrickBot and Trace, making up more than 11 percent of all compromises.

Emotet appeared to be even more pervasive among non-institution-owned devices (14 percent) than those owned by the institution (5 percent).

TrickBot for its part uses EternalBlue, one of the SMB vulnerabilities leaked by the ShadowBrokers Group last year, to exploit unpatched systems. Infected machines attempt to spread TrickBot laterally via brute force of domain credentials." TrickBot, which represented almost 6 percent of all identified compromises in education, was described by Malwarebytes as a "nasty information stealer that can download components for specific malicious operations, such as keylogging and lateral movement within a network."

The company warned that these two trojans "may be even more pervasive than the metrics indicate." If its own technology didn't stop certain activities in their tracks, the counts could be doubled. Those include flagging malicious PDF or Office documents containing hidden scripts that have been opened or a manual script such as PowerShell that has been activated. "If these detections were, indeed, the result of further attempts at spreading Emotet or TrickBot, then Trojan detections may actually represent up to 40 percent of all detections in the industry," the company noted.

"Because of their network-hopping use of brute force attacks and use of exploits, education is particularly vulnerable to these particular attacks, due to the huge volume of guest devices connecting to their networks," the company concluded.

For more detail, visit the Malwarebyte blog.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • horizontal stack of U.S. dollar bills breaking in half

    ED Abruptly Cancels ESSER Funding Extensions

    The Department of Education has moved to close the door on COVID relief funding for schools, declaring that "extending deadlines for COVID-related grants, which are in fact taxpayer funds, years after the COVID pandemic ended is not consistent with the Department’s priorities and thus not a worthwhile exercise of its discretion."

  • illustration of a human head with a glowing neural network in the brain, connected to tech icons on a cool blue-gray background

    Meta Introduces Stand-Alone AI App

    Meta Platforms has launched a stand-alone artificial intelligence app built on its proprietary Llama 4 model, intensifying the competitive race in generative AI alongside OpenAI, Google, Anthropic, and xAI.

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • robot waving

    Copilot Updates Aim to Personalize AI

    Microsoft has introduced a range of updates to its Copilot platform, marking a new phase in its effort to deliver what it calls a "true AI companion" that adapts to individual users' needs, preferences and routines.