Last month a group known as Apophis Squad sent out hoax e-mails detailing a bomb threat to schools, leading several to evacuate.
The e-mails were indeed false, but their effectiveness drives home the potential disruption and distress of malicious e-mail. This is a subject that should be understood within schools and the various risks guarded against.
This group, and others like them, are connected to other cybercrime activities, such as ransomware and DDOS attacks.
Ransomware is up there as one of the most concerning developments in recent cybercrime, and steps for prevention and protection should be high on school’s agenda.
Ransomware is malicious software that denies access to your files and demands a ransom to allow access again. With so much sensitive and critical data on a school’s network, this presents a nightmare if affected, one that that is potentially extremely costly – either in data loss or financially.
These attacks are often disguised in spoof e-mails, with attachments or links that lead to infection of the network.
DDOS attacks on the other hand are ‘Denial of Service’ – a cyber attack where perpetrators make a network unavailable. These are designed often to be merely a nuisance but may also be designed to disguise a hack on the network as merely a ‘technical problem’.
With the Apophis Squad hoax campaign specific to schools, this does raise the need for awareness of these attack types and what they look like. Schools should take necessary steps to protect themselves against them.
General spoof e-mails are one thing, as often they are vague and clearly ‘not meant for me’. But an e-mail written in a way that *could* apply, using education specific, or even establishment specific descriptions and language, is something that heightens the chance of the accidental opening of malicious attachments or links.
The important point is to reiterate to all staff the importance of suspicion when it comes to e-mails and internet use in general.
DO NOT open e-mails if you are unsure about the source, and DO NOT open attachments unless you are sure it comes from a trusted source. If you are unsure, always ask a second opinion and even further, ask the advice of your IT provider.
Use this time of heightened data protection sensitivity to educate on the risks of ransomware and cyber-crime, and ensure staff are prepared.
If you have any further questions or concerns about ransomware, or you want more information about the issues raised, don’t hesitate to e-mail us.
