It’s no exaggeration to say that the effects of the coronavirus pandemic have changed life as we know it. A year ago, the idea that large numbers of people would be working from home (if they’re fortunate enough to be working at all) at the end of 2020, with no immediate end in sight, would have sounded crazy. Today, it’s increasingly described as the “new normal.”
One of the areas most impacted by this transition has been the education sector. Whether it’s schools, colleges or universities, many educational institutions have had to quickly reconfigure to a world where it’s simply not possible to bring large numbers of people together in one place to interact and learn.
Instead, there has been a rapid rise in the adoption of remote schooling, in which students learn from home. E-learning and teleconferencing platforms such as Zoom and others have, in a very short space of time, become as synonymous with the school experience as whiteboards, textbooks and cafeteria lunches. They helped to continue the education of the more than 1 billion children across 186 countries affected by coronavirus-related school closures.
A target for attackers
These learning platforms represent critical infrastructure — and, unfortunately, that makes them a target for cybercriminals. Malware, phishing attacks, vulnerability exploits and many other forms of cyber attack aimed at education institutions have ramped up significantly this year. However, the most widespread are Distributed Denial of Service (DDoS) attacks. Without the proper DDoS mitigation tools, such attacks can be devastating.
What is widely recognized as the first DDoS attack took place in the summer of 1999, when a malicious script called Trin00 was used to attack a 114-computer network at the University of Minnesota in the United States. More than two decades later, access to connected computer systems is relied upon far more widely, especially during the current pandemic, than it was at the tail end of the twentieth century. DDoS attacks have also gotten significantly larger and more damaging.
What is a DDoS attack?
A DDoS attack is a form of cyberattack in which an attacker bombards a target with massive quantities of fake traffic, with the aim of knocking it offline or otherwise rendering it inaccessible to legitimate users. Attacks range in size, but can exceed a terabit per second, as was the case with Amazon Web Services (AWS), which reported in February defending against a 2.3 Tbps attack. While an attack of that size is unusual, far smaller attacks can successfully take down targets for a prolonged period of time. Those outages could mean anything from customers unable to access services they pay for to, in the case of education, students unable to learn and staff unable to access critical records or to log in remotely to computer systems.
Attacks may come from anywhere. For instance, in September 2020, a 16-year-old high school junior was arrested for launching eight DDoS attacks against Miami-Dade County Public Schools. Other attacks could be directed by hacktivists, would-be extortionists or just plain troublemakers, who want to cause the maximum amount of damage they can at a time when online services are needed the most.
There are a number of reasons why schools and other educational institutions could prove appealing targets for hackers. As noted, these services are being leaned on more heavily than ever, meaning that an attack can have a large impact. School systems may also rely on older, less up-to-date technology, with legacy hardware and software and older networks. Furthermore, unlike large companies that prize security above all else, learning establishments are often set up in such a way as to make it easy for students to connect, whether that’s free WiFi on the school premises or, increasingly, distance learning tools that allow students to attend class. There’s sometimes a trade-off between security and ease of use, and many schools opt for the second of these, even if they don’t necessarily realize this is the case.
Blocking bad traffic, letting in good
But there are solutions available. Cybersecurity experts can help mitigate DDoS attacks by monitoring for unusual traffic and intelligently sorting it from legitimate requests. They can then block these bad requests while allowing the good ones through. In addition, they can help absorb any DDoS attacks that do arise by providing enough scalable network capacity to handle these bandwidth attacks without being overloaded.
Web Application Firewalls can also help monitor for cyberattacks such as Remote Code Execution (RCE) attacks, in which attackers try to seize control of a server by executing arbitrary malicious code. They also generate the necessary reports so that the people running them can see exactly what’s happening on their systems.
Remote working and remote learning aren’t going away. Even after the current pandemic is over, it’s highly unlikely that everything will go back to exactly the way it was before COVID-19. Unfortunately, cyberattacks aren’t going away either. But, on the plus side, the tools now exist not only to make remote working and learning possible but also to protect those who rely on them. This is a lesson that anyone involved in an educational institution should be sure to learn.