With organizations across the world continuing their operations remotely, opportunistic cybercriminals are taking advantage of this situation by targeting online e-learning platforms. Hackers have set their sight on the education industry with various kinds of phishing attacks, fake domains, and other malicious activities. A survey from Kaspersky revealed that there has been a surge in distributed denial-of-service (DDoS) attacks on online educational services in 2020, compared to 2019. In a DDoS attack, threat actors try to make a targeted system or service unavailable to its users by flooding with unwanted incoming traffic from different sources.
Kaspersky’s researchers discovered that the total number of DDoS attacks increased by 80% in the Q1 of 2020, compared to Q1 2019. Between January and June 2020, the number of DDoS attacks affecting educational services increased by 350%, compared to the corresponding months in 2019, with the largest rise reported in January 2020, by 550%.
- For each month from February to June, the number of DDoS attacks that affected educational resources out of the total number of attacks was 350-500% greater in 2020 than in the corresponding month in 2019.
- From January to June 2020, the total number of unique users that encountered various threats distributed under the guise of popular online learning platforms/video conferencing applications was 168,550, a 20,455% increase when compared to the same period for 2019.
- From January to June 2020, the platform most used as a lure was Zoom, with 5% of the users that encountered various threats encountering them via files that contained the name Zoom. The second most common platform used as a lure was Moodle, followed by Google Classroom, Coursera, Google Meet, Blackboard, and edX.
- By far the most common threats encountered in 2020 were downloaders and adware, which were encountered in 98.77% of the total registered infection attempts. Various classes of trojans followed adware.
- For threats distributed under the guise of popular platforms for conducting online classes in 2020, the greatest number of infection attempts registered came from Russia (21%) followed by Germany (21.25%), Austria (1.44%), Italy (1%), and Brazil (1%).
“As long as online learning continues to grow in popularity, cybercriminals will attempt to exploit this fact for their own gain. That means educational organizations will continue to face a growing number of cyber risks – into this fall and beyond. Fortunately, engaging – and secure – online academic experiences are possible. Educational institutions just need to review their cybersecurity programs and adopt appropriate measures to better secure their online learning environments and resources,” Kaspersky said.
Cyberattacks Reported on E-Learning Platforms
In the recent past, hackers targeted multiple e-learning portals to steal users’ personal information. India-based online learning platform Unacademy also suffered a data breach that exposed details of 22 million users. Cybersecurity firm Cyble revealed that the unknown hackers kept 21,909,707 user records for sale at $2,000 on darknet forums. The compromised information included usernames, hashed passwords, date of joining, last login date, account status, email addresses, first and last names, and other account profile details. Earlier, a Spanish e-Learning platform 8Belts suffered a data breach that exposed personal data of over 100,000 e-learners across the globe.