Educational Services
NAICS 61

  • Resumen

    The Education vertical has an unusually large percentage of Social Engineering attacks in which Pretexting is the variety. These are typically with a view toward instigating a fraudulent transfer of funds. Miscellaneous Errors and System Intrusion are both still enrolled as well, and are taking a full load.


    Frequency

    1,332 incidents, 344 with confirmed data disclosure


    Top Patterns

    Social Engineering, Miscellaneous Errors, and System Intrusion represent 86% of breaches


    Threat Actors

    External (80%), Internal (20%), Multiple (1%) (breaches)


    Actor Motives

    Financial (96%), Espionage (3%), Fun (1%), Convenience (1%), Grudge (1%) (breaches)


    Data compromised

    Personal (61%), Credentials (51%), Other (12%), Medical (7%) (breaches)


    Top IG1 Protective Controls

    Security Awareness and Skills Training (14), Access Control Management (6), Secure Configuration of Enterprise Assets and Software (4)


  • The Education sector has certainly had a challenging year, with the pandemic mandating that classes be held online, in a hybrid form, and sometimes, not at all. With those challenges comes opportunity—mostly for criminals. This sector is assailed by Financially motivated actors looking to gain access to the data and systems of the people who are just trying to get through the school day.

    One of the top patterns in this industry is Social Engineering (Figure 101), and in looking at these cases, Social Engineering aficionados will craft a simple phishing email and wait for their victims to reach out to them. In the Education sector, they seem to be harkening back to their creative writing courses, and are putting forth the effort to invent a convincing scenario to get their victim to respond (Figure 102).

  • Figure
  • Are they getting good grades for their efforts? Yes, they get an A for “appropriation” of funds that do not belong to them. Considering their continued success at causing money to be transferred to them, they have clearly mastered the art of believability in their prose.

    It stands to reason that people with access to wire transfers and other kinds of payments should be targeted for special training to help combat this kind of attack. Other controls to prevent wire transfers to new bank accounts should also be put in place. 

    Miscellaneous Errors and System Intrusion were almost tied in their bid for second place in the patterns for this sector. We see Misconfiguration (largely of databases that are spun up without the benefit of access controls, open for the world to see because knowledge wants to be free, right?) as the most common variety (Figure 103). 

    The System Intrusion pattern tells a tale of two actions—namely Hacking and Malware. Credential attacks are the most common starting point, with the credentials frequently coming from the result of other breaches and/or credential re-use. The attacker moves on to installing malware once they have their foothold established. Ransomware is a favorite malware flavor, and we’ve seen some groups taking copies of the data prior to triggering the encryption and then using it as further pressure against the victim.

  • Ransomware is a favorite malware flavor, and we’ve seen some groups taking copies of the data prior to triggering the encryption and then using it as further pressure against the victim.

  • Figure
  • Figure

Let's get started.