Distributed denial-of-service (DDoS) attacks on schools and higher institutions are reaching their all-time high, as DDoS tools become cheaper and more accessible than ever. What does it mean for online education?
With the onset of Covid, online classes are starting to become a staple of modern learning. Many schools, colleges, and universities remain closed for months due to social distancing. Over 1.2 billion children are out of school globally.
Instead of whiteboards, we’re starting to use digital boards and software such as Miro. Instead of classrooms, we’re using Zoom and Skype calls. And for many, the only way to find out when the next lesson is starting is to look up a digital timetable on a school’s website.
At the same time, online learning infrastructure is largely unprotected. Many local schools or university websites operate under the pretense that they won’t become a DDoS target. And it’s easy to think that way. These platforms are small, they don’t generate a lot of income, if any, and they contribute to a good cause. So who would DDoS them?
Turns out, many would. In 2021, DDoS tools have become incredibly accessible. It is possible to install a simple program with a user-friendly graphical control panel and launch a powerful network flood for just a few dollars.
These circumstances created an unlikely culprit.
What did you do when you wanted to ditch school? You probably, well, ditched school, right? As in, didn’t come to class. In 2021, however, some students, who feel the same way, DDoS their school website or video conference provider instead.
These small online platforms are used to feeling relatively secure, thinking of themselves as uninteresting for threat actors. As such school resources often lack any kind of cybersecurity protection. They are easily overloaded and shut down for days at a time.
The combination of under-preparedness of schools to meet the threat, their importance, and ease of launching an attack creates a huge opportunity for disruptions. And it can become disastrous.
During a transition to online learning, the education industry became one of the chief targets for DDoS actors. During the first quarter of 2020, the number of attacks on e-learning websites grew 550% compared to the same period in 2019. This trend continued well into 2020, with next months displaying 350% to 500% growth in DDoS attack volume, compared to the corresponding periods in 2019.
As many as 168,550 students faced difficulties with their online learning or video conferencing platforms, unable to adhere to their learning schedule.
Apart from schools, online communication tools are also becoming attack victims. Platforms such as Zoom being DDoS’ed and becoming targets of sophisticated phishing attacks.
With our reliance on technology, the uptime of educational resources is crucial both for pupils and educators. Learning platforms provide both parties with educational material. Without it, students literally can’t learn, and teachers can’t teach.
When you ditched school as a kid, the only party harmed in the process was you. If you can even call it that. When somebody ditches school by DDoSing its website or bringing down a video conference, it affects everyone in that institution.
Imagine what would happen, if these attacks became even more frequent. Potentially, even children can keep a school website down for the majority of the time. It’s not implausible to imagine that a group of students wishing to play video games instead of going to class coordinates resources and brings down a website, halting the ability of hundreds of students to continue learning.
And considering how easily the information spreads today, a precedent of kids successfully keeping the school down for weeks to ditch classes can easily become viral, causing more students to copy-cat.
To summarize, DDoS attacks on education are not just threatening the cybersecurity of e-learning websites. Amidst the pandemic, which is probably here to stay for years still, these attacks are threatening education itself.
Thankfully, the penetration of cybersecurity services in the e-learning market is starting to increase, in response to the growing wave of attacks.
Overloaded VPN services and firewalls are often becoming contributing factors to successful DDoS campaigns, carried on e-learning platforms. Trusted online cybersecurity providers can help filter and redirect malicious traffic, making a website much more DDoS resistant.
At the very least, an average attack launched by a student is almost certain to be mitigated, if a website has some form of specialized DDoS protection.
Thankfully online DDoS protection is relatively affordable and schools should have the budget for it. More importantly, what has to change first, is the mentality. Stakeholders in educational institutions need to take the threat seriously and start building defences now.
Or, we just might have to learn, what a world without a functioning education system looks like.