Highlights

  • The Education sector has been the most targeted industry this year to date, with an average of 3,086 attacks per organization per week, marking a 37% increase compared to 2023
  • The APAC region has witnessed the greatest number of cyberattacks against organizations in the Education/Research sector with 6,002 weekly attacks
  • India is the most targeted country in the Education/Research sector with 6,874 attacks per organization, a 97% year-on-year (YoY) increase
  • Check Point observed 12,234 new domains created related to schools and education in July 2024

Schools and universities, with their treasure troves of sensitive data and often insufficient cyber security measures, have become prime targets for cybercriminals. The is evident in the latest report from Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading AI-powered, cloud-delivered cyber security platform provider, which found that the Education sector has been the most targeted industry for cyberattacks so far in 2024. The data also shows a disparity when comparing sectors and regional differences.

Education in focus

From the beginning of the year to the end of July, the Education/Research sector has been the most targeted industry globally, with an average of 3,086 attacks per organization, per week. That is a 37% increase compared to the previous year, as opposed to the next most targeted industry, Government & Military.

Overall attacks per region

The APAC region has seen the most cyberattacks against organizations in the Education/Research sector since the beginning of the year, with 6,002 weekly attacks per organization. However, North America experienced the highest YoY increase with a 127% rise.

Region Average of Attacks per Organization Change YoY
APAC 6002 -37%
Africa 2875 +70%
Europe 2804 +18%
Latin America 2721 +88%
North America 1821 +127%

 

Overall attacks per country

India is the most targeted country in the Education/Research sector, with 6,874 weekly attacks per organization, representing a 97% YoY increase. Other notable changes include Germany (^66%) and Portugal (^66%).

India seems to experience the most attacks mainly due to the rapid adoption of remote learning fueled by the COVID lockdowns and the ongoing digitization of education, which have created lucrative opportunities for cybercriminals seeking to steal personally identifiable information (PII) to sell on the Dark Web. Additionally, the proliferation of these online learning platforms catering to everyone from preschoolers to retired professionals has increased cyber risks as schools and universities often do not emphasize cyber security sufficiently, leaving their networks vulnerable. The diverse groups involved in these educational networks—including students, teachers, parents, and educational professionals—further expand the attack surface, providing multiple weak points for malware insertion and unauthorized access to financial and PII data.

Country Average of Attacks per Organization Change YoY
India 6874 +97%
United Kingdom 4793 +36%
Italy 4730 +40%
Mexico 3507 +22%
Portugal 3042 +66%
Germany 2041 +77%
United States 1667 +38%

Why are schools targeted by cyber criminals?

Part of the appeal is the sheer number of personal details retained by education institutions. In most companies you tend to only have employees whereas schools, colleges and universities don’t just have employees like teachers and lecturers, they also have students. With so many more people, this makes networks in the sector much bigger, more open and more difficult to protect. Plus, that also means there is so much personally identifiable information (PII) that can be used for financial gain.

Students are not employees beholden to strict corporate guidelines on appropriate access to networks. They bring their own devices on campus, work from shared student accommodation, and connect to free public Wi-Fi without thinking about the security risks first and foremost. This combination has contributed to the perfect storm.

Files Phishing Campaign in the United States

Ahead of the upcoming school year, Check Point observed 12,234 new domains created related to schools and education, marking a 9% increase YoY. Among these, 1 in every 45 domains were found to be malicious or suspicious.

In July 2024, Check Point Research observed multiple phishing campaigns in the USA that use file names related to school activities to lure victims. The first campaign, associated with the file name “DEBIT NOTE_ {name and date} _schoolspecialty.com.html” (figure 2) and emulated an Adobe PDF sign-in message.

Figure 2: the file “DEBIT NOTE {name and date} _schoolspecialty.com.html”

Another campaign used the file name “{school name} High School July Open Enrollment for Health & Financial Benefits.htm”(figure 3) and contained highly obfuscated code, appearing to display a Microsoft login page for some organization.

Figure 3: “{school name} High School July Open Enrollment for Health & Financial Benefits.html”

Quote from Check Point Research: “With the education sector experiencing an unprecedented volume of attacks so far this year, it is evident that schools, colleges and universities are at the forefront of cybercriminals’ agenda. This surge illustrates the critical need for robust cybersecurity measures and heightened awareness within educational institutions to safeguard sensitive data and maintain operational integrity.”

You may also like