1(630)802-8605 Ravi.das@bn-inc.net

Well good Monday morning everyone!  As I was scouring the news headlines as to what to you bring to you this morning, I finally came across some good news!  Apparently, a Cyber attacker launched some sort of attack on a computer network in a Vermont school district, in the hopes of taking what was out of the bank account, all $50,000 of it.  But luckily, because of strong human vigilance, this theft was avoided.

This attack also occurred at a critical time right when school districts in Vermont and across the country are on their own creating cyber safety training programs and working with limited budgets for their district’s technology.  This particular Cyber-attack occurred in the Pownal School District.  Because of the lack of the funding, they have not been able to invest in the latest and greatest Security technologies.

Rather, what was key in stopping the Cyber attacker was just school officials being alert and notifying law enforcement just in the right time once the red flags were raised that something odd was occurring.  The school districts all across Vermont have a point person for Cyber security, Peter Drescher.  He is the director of education technology for the Vermont Agency of Education.

His primary job function is to raise awareness about cybercrime and threats and is involved with crafting Cyber security training programs with the limited amounts of money that the state has at the current time.  But interestingly enough, he has no enforcement authorities what so ever.

As a result, financial accounts and student relate data are safe guarded by the district policy of each school and the knowledge of whomever is tasked with network updates.

Even more shocking is that some of these school districts are still using dial up modems!  WOW!!! In an effort to shore up efforts to make all of the Vermont school district on a high speed ethernet based network, Vermont’s Agency of Digital Services was formed in April 2017 to centralize all plans going forward, especially in the way of expanding the Cyber security training workshops that are already in place for students and school officials.

The results of all these is efforts is expected to bear fruit by 2022.  However, efforts are already underway to further modernize these training programs by at least 25% by the end of 2019.

In the case of this specific Cyber-attack, malware was the main vehicle that was used launch the Cyber-attack.  But just as this started, the Southwest Vermont Supervisory Union staff contacted People’s United Bank as soon as alerts popped up indicating an unscheduled bank account activity, which was the intended wire transfer of $50,000 to an offshore bank account.

Then, the Bank of America was contacted immediately, and as a result, the transfer was halted just in time.  Some money made its way (an undisclosed amount) to the phony bank account, but those were recovered by July 6th, thanks to the investigative efforts by the FBI.  Apart from these quick actions being taken, the state of Vermont has also implemented another proactive step:

The implementation of the Security Breach Notice Act, which requires that any entity, whether profit or not for profit must report any type or kind of Security breaches within 14 days to the Vermont Attorney General’s office.  From here, information is then disseminated so that it can be shared with the entire community of the state.  Further details on this Act can be seen at this link:

http://ago.vermont.gov/privacy-data-security/

Even better news is that a plan will be presented to the State Legislature for a Cyber security operations center in partnership with Norwich University. The plan will implement 24/7 monitoring of the state’s data. Also, once this is firmly set into place, services will also be made available to school districts for a low fixed cost.

Also, the Leahy Center for Digital Investigation in Burlington is offering a free consultation engagement for managers of small towns, nonprofits and school districts who need help getting computer software into compliance with safety standards.  So why is there a sudden uptick in targeting educational institutions by the Cyber attacker?

There are two reasons why:

*Because of the lack of Cyber security funding’s, the attacker knows that they are an easy target because of their lack of modern technologies;

*The sheer threat of publicly releasing student information has the educational institutions across the United States on pins and needles out of fear.  A prime example of this is the school district in Loeminster, Massachusetts just recently paid a Cyber attacker group $10,000 in Bitcoins just to get the decryption keys back.

It seems like that most of these Cyber-attacks are originating from North Korea and are using ransomware as the main launch vehicle.

The Department of Education just released a statement about the rise of Cyber attacks on educational institutions here in the United States.  It can be seen at this link:

https://ifap.ed.gov/eannouncements/101617ALERTCyberAdvisoryNewTypeCyberExtortionThreat.html

In my opinion, what happened in Vermont is just the picture-perfect example of just how human vigilance and being proactive about your Security environment can indeed avoid a Cyber attack from actually coming into fruition.  True, technology is needed, but once again, you need both in order to keep ahead of the cat and mouse game in the Cyber threat world.

One final note:  Although that school district did pay the ransom, one should never do that, no matter what the extent of damage may occur after that.  By paying up, you are only feeding into the hungry stomach of the Cyber attacker even more for an even bigger prey.