School squall: hackers targeted teenagers at the beginning of the school year
In the first half of September alone, 1.4 billion attempts to access infected websites from various devices in educational institutions connected to a corporate network and Wi-Fi were blocked in Russia, experts from Solar Group said. Izvestia found out how cybercriminals carry out attacks on children and teenagers and how to protect them.
School attacks
According to experts, such activity is caused not only by the actions of the students themselves, but also by infected programs running on their gadgets. Most often, spyware, other malware and viruses, as well as elements of online fraud and phishing, are placed on online gaming platforms, online casinos, 18+ resources, in advertising messages, on social networks and on "mirrors" of educational resources that are deliberately promoted to the top of search results (malvertising).
The largest number of attempts to access dangerous resources were registered from devices connected to the school network of the Central Federal District — more than 450 million times since the beginning of the school year. In the Volga Federal District — more than 261 million times, in the Southern Federal District — almost 210 million times. The North-Western Federal District had the fewest attempts — almost 67 million attempts.
As Oleg Denisenko, Director of the Center for Information and Telecommunication Technologies and Information Protection at FGANU FITZTO, noted, such statistics confirm the critical importance of a comprehensive approach to protecting the digital educational infrastructure.
"Only a single security system deployed at the level of departmental hosting providers can protect critical information resources from DDoS attacks, phishing and malware distribution. Otherwise, information security risks arise in individual educational institutions, which, in turn, creates risks for the entire education system," the expert emphasized.
For this reason, he added, it is important to constantly improve the level of digital literacy of teachers, students and their parents. After all, such threats can be countered only by combining the efforts of all interested parties.
How are requests blocked?
Data on the number of blocked requests and resource analytics were collected based on the results of an analysis of incoming and outgoing traffic from schools, colleges and technical schools connected to the Unified Data Transmission Network (UESN), the Solar Group told Izvestia. The CAP list includes devices connected to corporate Wi-Fi networks, as well as educational computers, laptops, and tablets.
The current Internet traffic filtering system in educational institutions is based on the methodological recommendations of the Ministry of Education of the Russian Federation. They are aimed at blocking information that may harm the health and development of children. These recommendations are implemented using Solar WebProxy, a domestic Secure Web Gateway (SWG) system that analyzes traffic, blocks access to dangerous sites and helps protect the educational environment from cyber threats.
"The system uses website categorization technology — resources are automatically categorized into thematic categories, and threats are identified based on up-to-date data on malicious and phishing resources. Thanks to this, filtering takes into account the latest threat data, automatically distributes sites into thematic categories and allows you to use 'permanent white', 'temporary white' and 'black lists' to fine-tune access. Additionally, it includes an antivirus check for uploaded files, which allows you to block infected content even at the transfer stage," said Anastasia Khveschenik, Product Manager of Solar WebProxy at Solar Group.
Educational organizations, the Ministry of Education and the Ministry of Education are also involved in the formation of the "permanent white" and "black" lists of resources. According to Solar, over 9500 web resources are included in the permanent white list, about 300 web resources are included in the temporary white list, and about 6500 web resources are included in the blacklist, but these data are constantly changing.
The "blacklist" lists resources that are blocked at the content filtering level. These are either web resources with malicious content (viruses, phishing, signs of online fraud, extremist content), or resources that can interfere with children's learning (websites with ready-made homework, online video hosting and streaming platforms).
Trends of cybercriminals
Analysts have identified several trends in the spread of malicious resources aimed at schoolchildren and students this year. Most of the attempts to access malicious resources were blocked in the second academic week, which means that the number of attacks is growing.
As Anastasia Khveschenik noted, the attackers deliberately increased their impact on teenagers and young people using promotion tools: digital advertising, deepfakes and invitations to closed communities in messengers, phishing resources and "mirrors" of official websites.
"Schoolchildren and students face risks when trying to download a VPN to log into blocked social networks, access online games or answer homework, and search for useful educational information," she explained.
At the same time, children are being attacked not just by hackers, but by organized criminal groups, added Alexandra Shadyuk, Deputy General Director of Cyberdom. They acquire the technical part — malware, phishing pages — in shadow markets, while they themselves concentrate on manipulating the child through messengers, social networks and gaming platforms.
"The main thing in their schemes is psychological influence: intimidation, mimicry of close people — relatives or parents, manipulation, up to suggestion techniques. The child is taught that he must act right now and not tell anyone," Shadyuk explained.
According to her, the level of persuasiveness of criminals has increased in recent years: scenarios for communicating with children are prepared professionally, taking into account their psychology, and technical tools are sold as ready-made kits on the darknet. The use of video communication is widespread — criminals exert pressure in real time and quickly receive the necessary data and money.
How to protect children?
The most obvious risk from schemes aimed at children is financial loss for the family. But the psychological consequences are no less serious: a child can be under pressure for weeks, in a state of intimidation, without the parents noticing, Alexandra Shadyuk noted. Most dangerous is the combination of social engineering and technical tools, for example when a child is forced to install a remote-access program. This can lead to theft, blackmail, and bullying.
To protect a child from hackers, Alexandra Shmigirilova, GR director of the Security Code Information Security company, advised combining technical measures and the child's education. It is necessary to use antiviruses and parental controls that block access to dangerous sites.
"The most important thing is digital literacy: we need to teach children not to click on suspicious links, not to download files from unreliable sources, check website addresses and use different strong passwords. An open dialogue about online risks is just as important as technical means," the expert concluded.