Tag Archive for: Alarming

Black Majority Schools Face Alarming Internet Security Risks, Report Finds


There is a large digital divide affecting low-income and Black or Indigenous majority schools, a recent report by Internet Safety Labs (ISL) has found.

Ads and trackers

The report “Demographic Analysis of App Safety, Website Safety, and School Technology Behaviors in US K-12 Schools” explores technological disparities in American schools, focusing mainly on marginalized demographics.

This research expands on ISL’s previous work on the safety of educational technology across the country and is supported by the Internet Society Foundation. It reveals how schools of different backgrounds use technology and the risks involved.

One concerning finding is that websites for schools with mostly Black students were the least safe.

One-third of these schools had advertisements on their websites—a rate much higher than the national average—and 100% of the websites had trackers monitoring visitor behavior.

Privacy or digital divide?

The study also highlights a broader problem: a digital divide in how technology is used in education.

Schools in the lowest income bracket, between $20,000 and $39,000, were among the least likely to provide their students with computing devices. This limits these students’ experience with technology.

Furthermore, the technology that is recommended or required often poses privacy risks, including apps filled with digital and behavioral ads.

Similar trends were seen for schools with the most American Indian/Native Alaskan students, leading to concerns about how this digital divide impacts students’ learning and their understanding of technology.

What Is The Solution?

The report suggests several actions for schools, school districts, and policymakers.

It recommends eliminating digital ads and tracking devices on school websites.

It also emphasizes the importance of schools being transparent about the technology they use, suggesting they publish a comprehensive list of required technology so students and parents know what’s expected.

Finally, it suggests schools should thoroughly vet all technology they recommend or require for educational use, to ensure it’s safe and appropriate…


NSFOCUS reveals alarming surge in DDoS attacks in 2022 report


NSFOCUS has published its 2022 Global DDoS Attack Landscape Report. The report contains in-depth findings to aid organisations and users in defending against DDoS attacks.

The report reveals that the DDoS attack landscape is becoming increasingly difficult to navigate. The number of DDoS attacks has notably surged in 2022, with the frequency of terabit-level attacks increasing to approximately 40. Attacks greater than 100 Gbps also reached record levels, with attacks of this scale being reported on an hourly basis. The research analysis shows that the incidence of recurring IP address attacks in 2022 was significantly higher than in 2021, meaning that once identified as a target, a victim is likely to experience repeated DDoS attacks. This continually evolving threat landscape poses fresh obstacles to DDoS protection.

According to the report, UDP-based DDoS attacks were the most prevalent tactic used by cybercriminals, accounting for about 60% of total DDoS threat incidents in 2022. Quite alarmingly, virtually all terabit-level DDoS attacks were found to be UDP-based, including two-thirds of non-reflective UDP attacks. These findings signal that contemporary threat actors have at their disposal an incredibly rich pool of attack resources and can initiate terabit attacks without needing UDP reflection to boost traffic. The trend of rapidly recurring, colossal DDoS attacks is now surpassing the capability of on-premises solutions across industries.

The report also draws attention to the growing menace of application-layer DDoS attacks. These attacks are more challenging to identify and shield against as they establish reliable TCP connections, making the attack source IP addresses unforgeable. The report warns that if a large number of application-layer attack source IP addresses remain active in a particular region, it is a significant indication that botnets are operating there.

As has been the case in previous annual DDoS attack landscape reports, NSFOCUS continuously monitors the activity of botnet families. The 2022 report identifies Mirai as the most threatening botnet, accounting for over half of all botnet activities and having the greatest number of…


Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom


The cybersecurity researchers at Kaspersky have unveiled alarming statistics about the expanding cybercrime economy on the dark web.

Key Findings:

  1. DDoS Demand Soars: Kaspersky’s analysts discovered over 700 dark web ads for DDoS attack services in H1 2023, highlighting the escalating demand among hackers.
  2. Cost of DDoS Services: Rates for DDoS attack services on the dark web ranged from $20 per day to $10,000 per month, with an average cost of $63.50 per day or $1,350 per month.
  3. IoT Malware Evolution: Fierce competition among cybercriminals has driven the development of IoT malware, with features designed to thwart rival malware, including firewall rules and process terminations.
  4. Brute-Force Attacks Prevalent: Brute-forcing weak passwords remains the primary method for compromising IoT devices, with 97.91% of attacks focusing on Telnet, compared to 2.09% on SSH.
  5. Global Attack Landscape: While China, India, and the United States were the primary targets of IoT attacks, China, Pakistan, and Russia emerged as the most active attackers, highlighting the global reach of cyber threats.

The Internet of Things (IoT) landscape is under siege, with a growing underground economy centered around IoT-related services, particularly for Distributed Denial of Service (DDoS) attacks, according to a recent report by cybersecurity firm Kaspersky.

The study delves into the evolving threats targeting the IoT sector, shedding light on the modus operandi of cybercriminals and the alarming prevalence of malware types.

IoT devices are poised to surpass a staggering 29 billion by 2030, making them an attractive target for cybercriminals. Kaspersky’s research presents crucial insights into dark web activities, prevalent malware strains, and the tactics employed by hackers.

While DDoS protection and mitigation services are utilizing all available resources to secure their clients’ infrastructure, DDoS attacks orchestrated through IoT botnets are experiencing a surge in demand within the cybercriminal community. Kaspersky’s Digital Footprint Intelligence service analysts unearthed over 700 ads for DDoS attack services on various dark web forums in the first half of…


Alarming rise in ransomware attacks on education: Sophos


Leading cybersecurity firm Sophos has shed light on the alarming increase in ransomware attacks targeting the education sector.
The report titled The State of Ransomware in Education 2023, based on a survey of 400 IT / cybersecurity professionals across 14 countries, unveils the real-world experiences of educational institutions in the face of cyber threats.

Spike in Attacks and Data Encryption

The survey findings revealed a stark rise in ransomware attacks on educational institutions. The education sector reported the highest rates of ransomware attacks among all industries surveyed. An alarming 80 percent of lower education providers and 79 percent of higher education providers reported falling victim to ransomware attacks in 2023. This represents a significant surge from the previous year, with rates more than doubling since 2021, when only 44 percent of education providers faced such attacks.

Additionally, data encryption in the education sector has seen a steady increase. Lower education providers reported an 81 percent rate of data encryption, while higher education institutions reported a rate of 73 percent, remaining consistent with the previous year.

“Double Dip” Method and Data Recovery

One worrying trend is the increasing prevalence of the “double dip” method, where cybercriminals not only encrypt the data but also steal it for potential data exfiltration. Of the lower education organizations that experienced data encryption, 27 percent reported that their data was also stolen. In higher education, this figure rose to 35 percent, indicating a growing adoption of this malicious tactic.

The ability to recover encrypted data is crucial for organizations facing ransomware attacks. Fortunately, all higher education institutions and 99 percent of lower education organizations were successful in recovering their data. Notably, the recovery rate for the education sector surpasses the cross-sector average, indicating a degree of resilience in the face of such threats.

Root Causes of Attacks

The report also identified the root causes behind the ransomware attacks. For lower education, compromised credentials (36 percent) and exploited…
