From education to employment

How the education sector can successfully thwart DDoS attacks

Richard Hummel, ASERT Threat Intelligence Lead for NETSCOUT

Cybercriminals are constantly adapting their attack methodology, so organisations need to be aware of the current cyberthreat landscape in order to boost their chances of mitigating attacks. When it comes to the education sector, distributed denial-of-service (DDoS) attack activity targeting colleges, universities, and professional schools has significantly increased recently. Indeed, according to NETSCOUT’s 2H2021 Threat Intelligence Report, global DDoS attacks against these organisations increased by 102 per cent in the second half of 2021. It is not a matter of if education institutions will be affected by a DDoS attack, but a matter of when, so it pays to plan ahead when it comes to protection strategies.

Recent DDoS attack trends

NETSCOUT researchers observed that this spike in DDoS attack activity against colleges, universities, and professional schools occurred during the autumn months of 2021, when institutions were resuming on-site classes and COVID-19 restrictions were being lifted. What’s also concerning to the education sector, is that there is reason to believe that students were behind a significant proportion of these cyberattacks.

The report also revealed that DDoS-for-hire services are now openly available online, with numerous websites offering such services without even requiring a nominal fee and with minimal screening processes in place. This means that anyone can hire a DDoS service to launch attacks against a selection of targets without needing a cryptocurrency account or even paying at all to use these highly disruptive services. The ease at which students or external adversaries can launch attacks serves as a stark reminder of just how susceptible educational institutions can be.

In fact, NETSCOUT researchers found 19 confirmed DDoS-for-hire sites which claim to offer more than 200 types of attacks for customers to pick from. Some offer gamers specific services to target online gaming platforms in order to defeat their opponents. Other sites were even found offering services which could evade standard anti-DDoS protections. With the availability of these services made so prevalent online, launching a DDoS attack has never been so easy.

This is concerning as education services continue to migrate to digital platforms. Most notably, UK student examinations regulator, Ofqual, recently announced its plans to move traditional pen-and-paper exams online. While digital transformation of education offers many benefits, if this plan is to move ahead, exam platforms risk becoming a target for DDoS attacks which could cause large-scale chaos, especially for national exams. The education sector, therefore, needs to ensure it has robust cyberattack mitigation strategies in place as part of its digital transformation plans.

How to protect the education sector

There are several effective tactics that those within the education sector can implement to protect themselves from emerging DDoS threats. In fact, academic institutions and associated organisations can prevent 90 per cent of DDoS attacks by having modern and robust cybersecurity tools in place to lessen the risks of these attacks.

Firstly, attackers need vulnerable electronic devices in order to spoof and create an IP address. This is done to imitate another computer system or device which allows bad actors to deploy DDoS attacks and carry out other malicious activities. IP spoofing also masks the attackers’ true identities and decreases the likelihood of being detected while deploying a cyberattack. To block this activity, system administrators can implement an effective yet comprehensive DDoS protection system that can protect the organisation’s network from suspicious activity and ensure that only authorised traffic is allowed.

An additional method to protect institutions is to control inbound traffic towards the information and services provided by an organisation. This can be done by simply limiting users’ access – similar to how an organisation can likewise limit how many users they provide their services to. These controls can be configured based on the types of services deployed, and if robust enough, can significantly reduce risks imposed by DDoS attacks. Meaning that if most of the attack vectors are blocked, it will ensure that the attacks themselves are not effective.

Lastly, simply promoting good cyber hygiene to students and faculty alike can put schools in a better position to defend from attacks. Students, teachers, and other staff within the organisation should be educated about the importance of caution towards suspicious emails and file attachments that they may receive. In such circumstances, it is also advisable that the school’s IT teams install file scanners and antivirus software onto every computer within the facility to detect malware and other cyberthreats before an email, file attachment, or link is opened.

By correctly implementing these strategies, colleges, universities, professional schools, and other education organisations can significantly decrease the impact of DDoS attacks onto their digital networks. Educational institutions that have adequately prepared to defend their online infrastructure by utilising effective DDoS mitigation measures have experienced significantly less issues brought on by DDoS attacks. Following best current cybersecurity practices can also put those within the education sector in the strongest position possible to successfully defend themselves if ever targeted by a DDoS attack.

By Richard Hummel, ASERT Threat Intelligence Lead for NETSCOUT

Related Articles