Fake e-learning platforms used for cybercrime

    754

    THERE is something very sinister when cybercriminals covertly intrude on students via fake e-learning platforms. A recent discovery by cybersecurity firm Kaspersky however indicates a four-digit increase in threats disguised as e-learning platform in the Southeast Asian region.

    “The four-digit rise in the number of users we’ve secured from various threats online prove that cybercriminals are well aware of the new loopholes they can exploit to victimize the already stressed educational sector,” Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky comments.

    Prompted by observations of how educational resources accounted for a large portion global Distributed Denial of Service (DDoS) attacks, Kaspersky discovered that threats disguised as e-learning and videoconferencing platforms surfaced during the first three quarters of 2020. The numbers are revealing.

    “…cybercriminals attempt to overwhelm a network server…in the case of educational resources — denying students and staff access to critical materials.”

    Between January and June 2020, the number of DDoS attacks affecting educational resources increased by at least 350 percent when compared to the corresponding period in 2019. While there is steep surge in the number of users in SEA who faced this problem, the total number of DDoS attacks increased by 80 percent globally in Q1 2020 when compared to Q1 2019.

    Applications and tools used as attack surfaces include Moodle, Zoom, edX, Coursera, Google Meet, Google Classroom, and Blackboard.

    In a denial of service (DoS) attacks, cybercriminals attempt to overwhelm a network server with requests for services so that the server crashes — denying users access. DDoS attacks are particularly problematic because they can last anywhere from a couple of days to a few weeks, causing disruptions to organizations’ operations and — in the case of educational resources — denying students and staff access to critical materials.

    “This forced but needed online transition has already left educators overwhelmed and anxious, which also means they are more vulnerable to falling prey against old but effective social engineering tricks such as phishing and scams,” Yeo says.

    One thousand percent increase

    From just 131 affected users in January to March 2020, the second quarter saw Kaspersky solutions protecting 1,483 unique users in SEA against online threats related with virtual education and online video conferencing applications, a 1032 percent increase in a per quarter comparison. The global cybersecurity company also monitored a slight decrease to 1,166 users almost infected with malware in the third quarter.

    To help thwart cyber threats and actual cyberattacks, Kaspersky suggests the following steps for educators on how they can improve their security online:

    1. Learn about the tools used – Know the capabilities and features as much as possible, by reading through the instructions, learning the interface, and searching on the Internet for configuration guides. Follow the rules set by the institution IT security department as well.
    2. Limit your tools – The IT tools selected to conduct classes should be convenient for both teacher and students. More tools do not necessarily mean a better experience. Before starting classes, make sure sufficient tools for the job are available and that all participants in the educational process are comfortable using them.
    3. Set a unique password for each service – For every account, set one unique password. All passwords should be strong — long enough and not too obvious.
    4. Guard educational accounts – Pay careful attention to the accounts used for educational purposes. There should be no problems accessing them at any moment, and no one else should be able to log in to them.
    5. Understand how to recognize phishing e-mails – It is important to know how to distinguish phishing attempts from official mailings and the messages legitimate services might send. Phishing sites often contain errors, misaligned layouts, and broken links, but sometimes scammers manage to create phishing pages that are indistinguishable from the real thing.
    6. Protect devices – Reliable protection on every device used to access educational resources is needed. If a student’s school computer is crawled by ransomware, for example, restoring the computer and files can waste a lot of valuable time.
    7. And if a teacher’s computer becomes compromised, things can get even more interesting. Some malware may try to spread to students’ devices. That is why reliable protection on all computers, smartphones, and tablets. To know more about the other things affecting the educational sector, go to this link. To find out how to get reliable protection in educational systems click here. Read about the offers to the educational sector in Malaya’s Tech This Week section.