A cyber-attack forced a group of schools in the US Pacific Northwest to close for at least two days.
Highline Public Schools has more than 17,500 students in grades K-12. The district has 34 schools and 2,000 staff in Washington State.
On Sunday, the school district reported that it had suffered a cyber-attack and that all schools would be closed on Monday. The closures include cancelling meetings and athletics. They also mean cancelling the first day of kindergarten for this year’s intake.
The district later announced that schools would stay shut today, Tuesday.
“We have detected unauthorized activity on our technology systems and have taken immediate action to isolate critical systems. We are working closely with third-party, state and federal partners to restore and test our systems safely,” the district said in a statement.
It later added: “We understand cancelling school is a significant disruption for our families and staff, but student safety remains our top priority.”
As a precaution, Highline staff have been told not to use district-issued computers and laptops, and Highline said its network had been disconnected from the internet. As a result, staff cannot access critical applications “required for the safe operation of schools.” Staff can continue to use Office 365 and district-provided cell phones for email.
A spokesperson for the school district, Tove Tupper, told the Seattle Times that investigators had not found any theft of staff or families’ data. However, the schools had lost access to key systems, including an application that manages school transport. “We can’t afford to be without access to that, especially at the start of the year,” Tupper told the newspaper.
Increasing Attacks Against Schools
Cyber-attacks against schools are increasingly common and appear to rise at the start of the school year, with ransomware accounting for many attacks. Earlier this year, a school in Essex, UK, was forced to close after a ransomware attack locked staff out of school IT systems.
“It’s about leverage,” Andrew Hollister, security expert and former CISO, told Infosecurity. “Hitting the schools at the beginning of term is a way to pressure them into a quick payout to avoid impacting the school year – just like a cyber-attack in any other industry at a peak time.”
Don Smith, Vice President of Secureworks Counter Threat Unit, explained that schools can take several steps to protect themselves from similar attacks.
“With the limited resources many schools are working with, there are still ways to protect against cyber-attacks. The first step is to patch any networks that face the internet so that vulnerabilities are addressed regularly,” Smith advised.
“Secondly, it’s crucial that schools add a layer of multi-factor authentication to make it harder for bad actors to break through. By implementing these two strategies, schools and other educational institutions will likely become less prone to attacks and have better cyber health overall.”
Source: https://www.infosecurity-magazine.com/news/highline-schools-cyberattack/
Latest News:
- #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
Software updates are critical in protecting systems from cyber threats and providing new and improved functionality to software products. They are necessary to patch vulnerabilities that can be exploited by malicious actors, ensuring that systems remain secure. Software updates are one of the four pillars of the 2024 International Cybersecurity Awareness Month campaign. As part … - Universal Music Group Admits Data Breach
Universal Music Group (UMG), one of the world’s largest music corporations, disclosed a data breach in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15, … - Sellafield Fined for Cybersecurity Failures at Nuclear Site
Sellafield Ltd. has been fined £332,500 ($437,440) for cybersecurity failures at the Sellafield nuclear facility in Cumbria, North-West England. Westminster Magistrates Court issued the fine following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060). The offences …
[…] Read More: Highline Public Schools Forced to Close By Cyber-Attack […]