Cybersecurity Crisis Grips US Schools as Phishing Attacks Surge

Public schools in the United States are facing a grave cybersecurity threat as phishing attacks continue to surge, targeting officials and staff with alarming sophistication. Cybersecurity firm PIXM has issued a report detailing the trend and the tactics threat actors use to bypass Multi-Factor Authentication (MFA) protections previously deemed robust.

Tycoon and Storm-1575 at the Forefront

PIXM’s investigation identified two primary threat groups, Tycoon and Storm-1575, as the key players behind these activities. Both groups exhibit advanced social engineering techniques, using spoofed emails and sophisticated phishing-as-a-service platforms to launch targeted attacks.

These threat actors have demonstrated a keen ability to bypass MFA measures, leveraging techniques like adversary-in-the-middle phishing to compromise administrator email accounts and deliver ransomware payloads. Their arsenal includes customizable login experiences and phishing-as-a-service tools, allowing them to masquerade as legitimate entities and evade detection.

Sophisticated Attack Patterns Unveiled

Since December 2023, there has been a noticeable uptick in MFA-based phishing campaigns targeting educators and administrative staff across various school districts in the US. These campaigns often begin with phishing emails enticing recipients to update their passwords, leading them to spoofed login pages designed to extract sensitive credentials.

The attackers’ tactics extend beyond mere credential harvesting, with some attempts aimed at altering Windows registry keys to facilitate the deployment of malicious scripts. Moreover, the use of CAPTCHAs in these phishing campaigns serves to delay payload delivery while adding a veneer of legitimacy, further complicating detection efforts.

Schools: Prime Targets of Cybercrime

The education sector has emerged as a prime target for cybercriminals, with ransomware gangs increasingly setting their sights on schools. In addition to ransomware attacks, cybercriminals have been actively engaged in data theft, compromising sensitive student and staff records.

Recent incidents, such as the exposure of over 4 million records linked to Raptor Technologies and the leak of 210,020 student and parent records associated with the Online Voucher Application, underscore the magnitude of the cybersecurity challenges facing the education sector.

Protecting Against Phishing Threats

To mitigate the risk posed by phishing attacks, organizations must adopt a proactive approach to cybersecurity. This includes identifying high-priority staff with sensitive access, investing in targeted awareness campaigns, and implementing AI-driven protections at both the browser and email layers.

Additionally, fostering a culture of cybersecurity awareness among staff and students is paramount, equipping them with the knowledge and vigilance needed to identify and report suspicious activities promptly. Only through a comprehensive and collaborative effort can the education sector effectively combat the growing threat of phishing attacks and safeguard sensitive information.


