August 26, 2020

Defending the Online Education Sector

By venkat

Other names for the sector – E-learning, online learning, Edtech

With the major shift to virtual classrooms, Edtech startup companies present a significant target for cyber criminals. As more students connect to the Internet, the threat has never been greater. Cyber attacks continue to plague the education sector, and they’re only intensifying. The consequences can be devastating and long-lasting.

Hackers are probably cashing in on the fact that the education sector is an underperformer when it comes to security against cyber threats. In the wake of recent incidents, it becomes even more important for online Edtech companies and universities to be prepared for cyberattacks.

The sector differs from others because it involves kids interacting with online mobile applications and participating heavily in social media.

The online education cyber landscape

Video conferencing, user tracking, poor privacy controls and malware are the most common concerns. The highest associated risks are:

  • With more teachers and students online, particularly if they’re doing it from less controlled environments, the attack surface is increased
  • Almost every Edtech company has faced a data breach
  • Fraud scenarios are very common
  • Malware and ransomware attacks
  • The kids themselves can be threats – Sample scenario
  • Specific Threats
    • Identity spoofing and unauthorized user access risk
    • Privilege identity access escalation and unauthorized user access risk
    • Silent listener (non-traceable, unauthorized access) risk
    • User credentials security exposure and compromise risk
    • User data and intellectual data security and privacy exposure and compromise risk
    • Infrastructure and service compromise and availability risk

Understanding personas in online learning

  • Students
  • Parents / Family
  • Teachers
  • Content developers
  • Administration / Operations
  • E-commerce / Marketing / Analytics teams
  • Development team including DevSecOps

FlexibleIR Approach

We have a strong understanding of the attack scenarios around the Edtech space. Our approach is to holistically evaluate the space to defend it better.

  1. We have a fair and comprehensive view of the risks, threats and indicators of compromise (IOCs)
  2. We understand how learning from home during the pandemic brings in additional risk vectors
  3. We understand the motives and TTE (tools, techniques and exploits) of the threat agents operating in the domain
  4. We provide Incident Response playbooks and build the skill set around using them

How FlexibleIR can help

  • COPPA compliance assessments.
  • Overall threat assessment and continuous threat updates.
  • Implementing playbooks for the threats and mapping them to the MITRE ATT&CK framework.
  • Creating a threat model around all the elements in the ecosystem, with an overall architectural review of the system to understand the exposed cyber attack surface.
    • Client mobile apps for students, teachers, content creators
    • Backend systems
    • Cloud infrastructure
    • CRM
    • Billing systems
    • Content creation subsystems
    • Web front ends
    • Social media
  • Assessment of the mobile applications which form the core front end of the system.
  • Assessment of whether all logs from the applications and operating systems are flowing in and retained for analysis.
  • Assessment of the PII stored.
  • Deception technologies
  • API vulnerabilities

References

Back-end architectures to threat model and defend

  • Clever.com
    • https://aws.amazon.com/solutions/case-studies/clever/
    • https://engineering.clever.com/2019/07/24/using-iam-roles-with-session-policies-for-least-privilege/
    • https://engineering.clever.com/2018/07/24/securing-new-products-at-clever/
    • https://engineering.clever.com/2018/10/12/clever-sso-resiliency-october-update/
  • Coursera.com
    • https://medium.com/coursera-engineering/migrating-from-ec2-classic-to-vpc-part-i-5f44c039cb7
    • https://aws.amazon.com/solutions/case-studies/coursera/
    • https://medium.com/coursera-engineering
  • Desire2Learn
    • https://aws.amazon.com/solutions/case-studies/d2l/
  • Ellucian
    • https://aws.amazon.com/solutions/case-studies/ellucian/
  • Chegg
  • Udacity
  • Ascend
  • Skillsoft
  • Lambda School
  • Byju's

Academic Case studies with usage of FlexibleIR platform

  • Blackbaud – https://cyware.com/news/blackbaud-and-beyond-educational-sector-targeted-consistently-in-cyberattacks-df5a3aee
  • https://news.yahoo.com/malware-issues-disrupt-distance-learning-194617671.html
    • “The restoration process requires extensive system and data testing. We will not risk resuming operations before testing the stability and reliability of the system,” said Dr. Joel Kinnamon, COD superintendent/president. “While we cannot provide an exact timeframe for the complete remediation of college systems, we are working diligently to ensure systems and operations are restored as soon as possible.”