With the risks related to Covid-19 expected to remain until a vaccine is more widely available, educational institutions across Southeast Asia have been forced to adapt to this unique situation.
The unexpected disruption that began early last year required educators to move offline schooling to remote or hybrid learning environments, with little to no preparation. Aside from the technical aspects of the shift, cybercriminals are also preying on the already burdened sector, the internet security firm Kaspersky warns.
Globally the total number of distributed denial of service (DDoS) attacks increased by 80% in the first quarter of 2020 from a year earlier, the company said. Attacks on educational resources accounted for a large portion of this growth. Between January and June 2020, the number of DDoS attacks affecting educational resources increased by at least 350% year-on-year.
In a denial of service attack, cybercriminals attempt to overwhelm a network server with requests for services so that the server crashes -- denying users access. DDoS attacks are particularly problematic because they can last anywhere from a couple of days to a few weeks, causing disruptions to organisations' operations and -- in the case of educational resources -- denying students and staff access to critical materials.
Kaspersky Security Network (KSN) also noted a steep surge in the number of users in Southeast Asia who faced threats disguised as e-learning and videoconferencing platforms during the first three quarters of 2020. Applications and tools include Moodle, Zoom, edX, Coursera, Google Meet, Google Classroom and Blackboard.
From just 131 affected users from January to March 2020, in the second quarter Kaspersky saw a jump to 1,483 unique users in Asean experiencing online threats related to virtual education and online videoconferencing applications. It also monitored a slight decrease to 1,166 users almost infected with malware in the third quarter.
The sharp rise in threats showed that "cybercriminals are well aware of the new loopholes they can exploit to victimise the already stressed educational sector", said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
"This forced but needed online transition has left educators overwhelmed and anxious, which also means they are more vulnerable to falling prey to old but effective social engineering tricks such as phishing and scams."
Kaspersky offers solutions and cybersecurity training to help teachers and school administrators build technical and behavioural defences against cybercriminals.
"We believe with the right security tools in place and proper mindset, educational institutions can focus better on how they impart knowledge to their students during the pandemic," said Mr Yeo.
Kaspersky suggests the following steps for educators to improve their security online:
1. Learn about the tools you are using: Know their capabilities and features as well as you can by reading through the instructions, learning the interface, and searching on the internet for configuration guides. Ensure that you follow the rules set by your institution as well.
2. Limit your tools: The IT tools you select to conduct classes should be convenient for both teachers and students. More tools does not necessarily mean a better experience. Before starting classes, make sure you have sufficient tools for the job and that all participants in the educational process are comfortable using them.
3. Set a unique password for each service: For every account, you need one unique password. Of course, all of your passwords should be strong -- long enough and not too obvious.
4. Guard your educational accounts: Pay careful attention to the accounts you use for educational purposes. You should have no problems accessing them at any moment, and no one else should be able to log in to them.
5. Understand how to recognise phishing emails: It is important to know how to distinguish phishing attempts from official mailings and the messages legitimate services might send. Phishing sites often contain errors, misaligned layouts and broken links, but sometimes scammers manage to create phishing pages that are indistinguishable from the real thing.
6. Protect devices: You need reliable protection on every device you use to access educational resources. If a student's school computer is crawled by ransomware, for example, restoring the computer and files can waste a lot of valuable time.
And if a teacher's computer becomes compromised, things can get even more challenging. Some malware may try to spread to students' devices. That is why you need reliable protection on all computers, smartphones and tablets.
