Home-based learning in Q2 to Q3 this year was a magnet for attacks on virtual learning tools and educational platforms.

There has been a steep surge in threats disguised as e-learning and videoconferencing platforms in South-east Asia during the first three quarters of 2020.

Applications and tools implicated include Moodle, Zoom, edX, Coursera, Google Meet, Google Classroom, and Blackboard, according to Kaspersky researchers.

From just 131 affected users in January to March 2020, Kaspersky’s cybersecurity software protected 1,483 unique users in SEA in Q2 against online threats related to virtual education and online videoconferencing applications: a 1,032% increase in a per-quarter comparison. In Q3 there was a slight decrease to 1,166 users who were almost infected with malware.

Basic EDR needed

According to Yeo Siang Tiong, General Manager (Southeast Asia), Kaspersky: “The four-digit rise in the number of users we’ve secured from various threats online proves that cybercriminals are well aware of the new loopholes they can exploit to victimize the already stressed educational sector. This online transition has already left educators overwhelmed and anxious, which also means they are more vulnerable to falling prey to old but effective social engineering tricks such as phishing and scams.”

On another attack front, the total number of distributed denial-of-service (DDoS) attacks increased by 80% year on year in Q1 2020, with attacks on educational resources accounting for a large portion of the surge. Between January and June 2020, the number of DDoS attacks affecting educational resources increased by at least 350% compared to the corresponding months of 2019.

DDoS attacks are particularly problematic because they can last anywhere from a couple of days to a few weeks, causing disruptions to organizations’ operations and — in the case of educational resources — denying students and staff access to critical materials.

Because schools and colleges may have a limited budget and workforce for IT security, such organizations can implement basic endpoint detection and response (EDR). This provides infrastructure visibility as well as incident investigation and response capabilities against basic to complex threats.