School districts nationwide are increasingly targeted by Digital Denial of Service (DDoS) attacks — floods of network traffic that sap bandwidth and prevent legitimate access to computer systems and data. DDoS attacks are often launched by cybercriminals for blackmail or revenge. In some cases, hackers seek to bring down the networks of government agencies or large organizations as a political statement, to gain personal attention or just for their own amusement.
In the case of school districts, however, DDoS attacks have been perpetrated by students seeking to disrupt the educational environment. For example, the St. Charles Community Unit School District (CUSD) 303 in St. Charles, Ill., was hit with 11 four-hour DDoS attacks over a six-week period, in which the entire district lost Internet access. Upon investigation, the district’s IT team determined that students were responsible for the attack.
A similar thing happened to the West Ada School District in Meridian, Idaho, where a student instigated a DDoS attack that lasted an entire week. His motive: He didn’t want to take the standardized tests that were being administered online.
The attacks don’t require a particularly advanced skillset to execute. In fact, they are increasingly launched by so-called DDoS-for-hire services — cybercriminal operations that charge as little as $2 an hour for an attack. That’s how the West Ada student was able to bring down his school district’s systems.
DDoS activity is on the rise, and the attacks are becoming larger. According to the Q4 2016 State of the Internet Security Report from Akamai Technologies, attacks greater than 100Gbps increased 140 percent year-over-year from 2015 to 2016. Many of these so-called “mega attacks” have been attributed to massive botnets comprised of thousands of compromised Internet of Things (IoT) devices. DDoS defenses typically look for an IP address generating large volumes of traffic. The botnets are able to elude these defenses because thousands of IP addresses are involved.
Many organizations wrongly assume that their existing defenses will stop DDoS attacks, or believe they won’t be targeted. The threat is very real, however. According to a study conducted by Kaspersky Lab and B2B International, 43 percent of large enterprises and 28 percent of small businesses suffered a DDoS incident in the preceding 12 months. The study found that 61 percent of DDoS victims temporarily lost access to critical information and 38 percent were unable to carry out their core functions. Given that schools are increasingly reliant upon network access for curricula, productivity tools, testing and other applications, a DDoS attack can have a crippling effect.
The rapid increase in this attack vector indicates that organizations need to take steps to protect vulnerable systems and networks. Firewalls, intrusion protection systems and other security tools may mitigate very low-level attacks, but high-volume attacks can easily overwhelm the capabilities of traditional solutions. In fact, older security devices can become the attackers’ unwilling allies because they are unable to separate legitimate from illegitimate traffic.
As DDoS attacks have become larger and more and frequent, organizations need to rethink their security measures. A defense-in-depth posture with up-to-date security equipment offers the best protection against the rising tide of DDoS attacks.
by Edna Zielmanski