The LA School District Cyber Attack Keeps Unravelling – Expert Comments

Jeremy Kirk, the editor over at ISMG, reported on Twitter last night that the Vice Society was claiming responsibility for the LA School District cyberattack. The Vice Society is a “double extortion” ransomware group, meaning they encrypt the data and also threaten to publish it.

3 Expert Comments
John Gunn, CEO
InfoSec Expert
September 12, 2022 2:09 pm

Most public school districts are notoriously under-funded. They can barely pay their teachers, so how much do you think they are spending on cybersecurity? This under-investment in cybersecurity makes them prime targets for amateur hackers; the ransomware pros won’t go after the public school districts because they know they have no money to pay a ransom.

Last edited 2 months ago by John Gunn
Charles.medina, Security Engineer
InfoSec Expert
September 12, 2022 2:08 pm

Cybersecurity is very much fought on the defensive and rarely fought on the offensive, especially within the K-12 space. If an organization is taking the time to run internal audits on their security infrastructure, then you are already fighting half the battle. Additionally, if you’ve run those infrastructure audits and actually find vulnerabilities within your system, congratulations! You have successfully placed your organization ahead of any bad actors who might take advantage of those vulnerabilities and potentially stop a planned attack in its tracks.

As a Cybersecurity professional, I understand the lack of training that exists for the endless amount of tools organizations seem to gather in hopes of a “hardened” security posture. I also understand that organizations like our K-12 districts don’t have endless amounts of funds. We cannot predict when or what the next attack is going to be. However, if I may offer a place to start (or rather, re-start), here are three first steps:

  1. Reestablish your district’s security posture and drill down on what problems you face today within the Cyberspace, and utilize your current IT teams to address the small stuff immediately (stronger passwords, verifying port configurations, establishing stricter policies on email or USB devices).
  2. Review all the Security tools you use as an organization. Establish what each tool does, what tools you can get rid of to cut costs, and what tools may be redundant or not a part of your overall security posture. Too many tools are a problem within organizations as they bog down the security teams. Get with your vendors, share which tools you are cutting, and ask how theirs can do the job of multiple others. I’m sure you will get a Sales engineer ready to provide a full-on comparison (for free).
  3. Now that you’ve cut tools, use the money that was being applied towards them and kick those funds to your IT team for training. Train/certify on your deemed “mission-critical” tools, and you will now have expert-level internal knowledge of those tool sets, thus a more capable security team.
Last edited 2 months ago by charles.medina
Corey.sinclair, Customer Threat Analyst
InfoSec Expert
September 12, 2022 2:07 pm

While there’s been a lot of speculation about the attack targeting the Los Angeles Unified School District, it’s unclear when the attackers gained initial access to the network and if the report accurately reflects the school district’s network’s vulnerabilities as it exists today. Network environments change from day to day as users are added or removed, and technologies are adopted or sunset. While it is possible that attackers could have exploited various vulnerabilities or misconfigurations over two years ago and waited until now to conduct an attack, it is more likely that they gained access relatively recently.

Furthermore, the exact vulnerabilities or misconfigurations exploited by the attackers are still unknown. This is why it’s so important for organizations to constantly apply patches and fixes when they are made available, and then proactively pentest their network from an attacker’s perspective. This can help them find, fix, and verify that any vulnerability or misconfiguration that was in their environment is no longer exploitable. Taking these steps makes it far less likely that an attacker can gain access to a network and move across it to steal data or bring it down, and ensures that organizations are continuously verifying their security posture.

Last edited 2 months ago by corey.sinclair