Adware, Trojans, and other forms of malware pose a threat to all industries and sectors. But education is one that is particularly vulnerable. For 2018, the education industry was the top sector to be compromised by adware and Trojan detections, and second on the list of those most commonly affected by ransomware, according to a report released Wednesday by Malwarebytes.
The hazards have continued during the first half of 2019, according to the report, which found that adware, Trojans, and backdoors represented the three largest categories of threats among educational institutions, at 43%, 25%, and 3%, respectively. Ransomware threats fell to less than 1%, though Malwarebytes called that low percentage a byproduct of the timing of the study, as the number was higher both before and after this period.
Education may sound like a less inviting and less profitable target for cybercriminals than businesses and corporations. But the education industry attracts malware because it’s a challenging sector to defend. In addition to all the devices owned by an institution, there are a large number of non-institution-owned devices that plug into a school network, where they can easily spread malware across the entire organization.
Among adware families, SearchEncrypt, Spigot, and IronCore were the most common ones found among educational users, accounting for almost 15% of all detected threats. However, Trojans represent a far larger threat to the education sector.
Trojan attacks grew among all industries in 2018, rising by 132% from the previous year. Education, manufacturing, and retail were the top industries hit by Trojans last year, with education topping the list. The threat for education rose during the first half of 2019, as more than 25% of all malware detections on devices were identified as Trojans.
More specifically, Trojans accounted for almost 30% of detections on devices owned by the educational institutions. But among guest devices connecting to the network, Trojans were the biggest threat category, with 33% of such devices found to be carriers of this form of malware.
Among Trojan families, Emotet, TrickBot, and Trace were especially active in education during the first half of the year, with the three accounting for 44% of all Trojans detected and 11% of all malware discovered.
Emotet uses both stealth and brute force in its attempt to steal information. Once this Trojan has penetrated a network, it exploits an SMB vulnerability called EternalBlue to infect unpatched and unprotected systems. These infected machines then spread Emotet laterally across an organization using brute force to capture domain credentials. TrickBot tries to grab information by downloading components to perform specific malicious tasks, such as keylogging and moving laterally within a network.
Data collected from educational institutions and .edu domains between March 2018 and March 2019 also showed more threat activity.
A high spike in detection activity was spotted in July 2018 and September 2018 for Trojan infections from .edu emails overall. Spyware infections to these domains jumped in August 2018, suggesting that summer is an opportune time for cybercriminals to hit students and educational institutions that may be low on staff and less attentive to security. During the summer, .edu email addresses are also likely used on a range of other networks by students who travel and then bring their infected devices back to their school networks in the fall.