Fifteen secondary schools across Nottinghamshire have been forced to shut down their IT networks after the central trust that manages them was hit by a “sophisticated” cyber attack.
All of the schools that are part of the Nova Education Trust have had no access to their “usual modes of communication” since 3 March, including email, phones and their websites. This means that online learning provisions set up in response to the Covid-19 pandemic cannot currently go ahead for pupils learning from home.
A spokesperson for the Nova Education Trust said the attack, which resulted in unauthorised access to its infrastructure, caused the trust to temporarily shut down all IT systems as a security precaution while the central IT team investigates its origins and potential impact.
“The incident has been reported to the Department for Education and the Information Commissioner’s Office, and the trust is currently working with the National Cyber Security Centre and additional security professionals to resolve the matter,” said the spokesperson. “All trust employees have been advised to take the necessary precautions.”
Each school involved with the trust has also been advised to shut their IT systems down while the investigation is conducted, with many warning students to not access material previously sent from the school via channels such email, Dojo, or Microsoft Teams.
The trust said on 4 March that it had been working “around the clock” to restore access to email and remote learning platforms, which allowed teachers to resume online learning later that day.
Technicians working alongside the central IT system will be continuing with the recovery of the infrastructure for the remainder of the week so that the issue can be fixed before students return to the classroom on Monday.
A NCSC spokesperson said: “We are aware of this incident and are working with the Nova Education Trust and law enforcement partners to fully understand its impact.
“The NCSC works closely with the education sector and we have published practical resources to help schools improve their cyber security and response to cyber incidents.”
There is currently no indication to suggest that any personal data of either the staff or the students was breached as a result of the cyber attack.
According to Stephen Kapp, CTO of security management firm Cortex Insight, the introduction of remote learning has opened schools up to more avenues of attack, meaning they need to make IT security a priority during the pandemic.
“Even though the exact method of the attack is unknown, it still highlights the importance for schools to implement good cyber hygiene. To avoid attacks, the best defence is prevention. Updating and patching systems should be a priority for schools and mandatory for their pupils,” he said.
“This is especially necessary with the increase in laptops and other devices being used for remote learning, as the underlying systems for virtualisation that support these devices are often overlooked for various reasons.”
He added that security training awareness would also be key for preventing further attacks, as it can teach both students and staff how to spot common attack vectors and get to grips with the importance of cyber security.
“By instilling this mindset in students from a young age, it will benefit them later in life by providing them with valuable skills necessary for navigating an increasingly digitalised society,” he said.
Although unconfirmed, the attack shares similarities with a spate of ransomware attacks that disrupted schools, colleges and universities in 2020.
“Attackers will often choose targets where they can cause the most damage and disruption, so targeting schools during an already challenging time would seem to follow the pattern of previous attacks,” said Jérôme Robert, managing director at Active Directory cyber security specialists Alsid.
“While a group of schools wouldn’t be expected to have deep pockets, it’s possible the attackers are counting on the government to help resolve the attack – perhaps by paying a ransom demand. Last year, Newcastle and Northumbria Universities were both hit by ransomware, so if this is the start of a new host of attacks, educational establishments need to exercise extra caution.”
He added that schools and related institutions should make sure all key patches and updates are installed, that they are carefully monitoring their networks for signs of intrusion, and that their Active Directory is secure.
“Active Directory represents the keys to the castle in IT terms, so it pays to ensure its hardened and closely monitored. Prevention is the first line of defence against these threats,” said Robert.
