Schools and universities, with their treasure troves of sensitive data and often insufficient cyber security measures, have become prime targets for cybercriminals. This is evident in the latest report from Check Point Research, the Threat Intelligence arm of Check Point Software Technologies, which found that the Education sector has been the most targeted industry for cyberattacks so far in 2024. The data also shows a disparity when comparing sectors and regional differences.

Education in focus
From the beginning of the year to the end of July, the Education/Research sector has been the most targeted industry globally, with an average of 3,086 attacks per organization, per week. That is a 37% increase compared to the previous year, as opposed to the next most targeted industry, Utilities.

Overall attacks per region
The APAC region has seen the most cyberattacks against organizations in the Education/Research sector since the beginning of the year, with 6,002 weekly attacks per organization. However, North America experienced the highest YoY increase with a 127% rise.

Overall attacks per country
India is the most targeted country in the Education/Research sector, with 6,874 weekly attacks per organization, representing a 97% YoY increase. Other notable changes include Germany (^66%) and Portugal (^66%).
India seems to experience the most attacks mainly due to the rapid adoption of remote learning fueled by the COVID lockdowns and the ongoing digitization of education, which have created lucrative opportunities for cybercriminals seeking to steal personally identifiable information (PII) to sell on the Dark Web.

Additionally, the proliferation of these online learning platforms catering to everyone from preschoolers to retired professionals has increased cyber risks as schools and universities often do not emphasize cyber security sufficiently, leaving their networks vulnerable. The diverse groups involved in these educational networks—including students, teachers, parents, and educational professionals—further expand the attack surface, providing multiple weak points for malware insertion and unauthorized access to financial and PII data.

Why are schools targeted by cybercriminals?
Part of the appeal is the sheer number of personal details retained by educational institutions. In most companies you tend to only have employees whereas schools, colleges and universities don’t just have employees like teachers and lecturers, they also have students. With so many more people, this makes networks in the sector much bigger, more open and more difficult to protect. Plus, that also means there is so much personally identifiable information (PII) that can be used for financial gain.

Students are not employees beholden to strict corporate guidelines on appropriate access to networks. They bring their own devices on campus, work from shared student accommodation and connect to free public Wi-Fi without thinking about the security risks first and foremost. This combination has contributed to the perfect storm.

Files Phishing Campaign
Ahead of the upcoming school year, Check Point observed 12,234 new domains created related to schools and education, marking a 9% increase YoY. Among these, 1 in every 45 domains were found to be malicious or suspicious.

In July 2024, Check Point Research observed multiple phishing campaigns in the USA that use file names related to school activities to lure victims. The first campaign, associated with the file name “DEBIT NOTE_ {name and date} _schoolspecialty.com.html” (figure 2) emulated an Adobe PDF sign-in message.

Another campaign used the file name “{school name} High School July Open Enrollment for Health & Financial Benefits.htm”(figure 3) and contained highly obfuscated code, appearing to display a Microsoft login page for some organisations.

Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East, said, “With the education sector experiencing an unprecedented volume of attacks so far this year, it is evident that schools, colleges and universities are at the forefront of cybercriminals’ agenda. This surge illustrates the critical need for robust cybersecurity measures and heightened awareness within educational institutions to safeguard sensitive data and maintain operational integrity.”