Increased use of network-connected devices during the pandemic has rightfully preserved our ability to continue to educate our K-12 student population in challenging times. However, with all the benefits these connected devices provide, they also bring an expanded threat landscape and risk. Even in less chaotic times, it is not unusual for these devices to go unnoticed. When the focus is on getting hundreds of kids and teachers securely online with as little disruption to learning as possible, and ransom attacks are on the rise, these devices can go unnoticed. Nowadays, what is catching some school districts off guard is the increase in threats from bad actors to the confidentiality, availability, and integrity of their data systems. Even before the pandemic, the K-12 Cybersecurity Resource Center, as well as the FBI, reported increases in the frequency and severity of security incidents in K-12.
Armis can attest to these increased vulnerabilities. What follows are some firsthand findings from recent experiences working with K-12 school environments across the U.S.
Southwest: 47 game consoles, 5 WiFi Pineapples, and 3 rogue access points
The security team at a K-12 district in Arizona wanted to better understand what devices were running in their environment and assess their asset inventory. They expected to see 5 or fewer Xboxes, which support their eSports initiatives. Within 24 hours, Armis discovered 47 gaming consoles, including Xbox and PlayStation devices, on their network. Many of these devices had Internet access and were acting as gateways to the online gaming community, exposing the district’s network to that community. A recent string of high-profile cyber attacks against prominent game developers such as Ubisoft, Capcom and WildWorks reinforces that this industry is not immune, nor are its devices. WiFi Pineapples and other rogue access points were also discovered, exposing the district network to outside elements with potentially malicious intentions and giving them easy access into the environment.
Western K-12: 239 BAS devices on the network, not secured, and exposed to active exploits
Within 24 hours of being deployed in a large Western K-12 district, the Armis agentless device security platform detected 239 Building Automation System (BAS) devices that were vulnerable to URGENT/11 and other exploits. The district’s security team had no awareness of these vulnerabilities prior to the Armis deployment. Once detection occurred, they were able to immediately take action and remove the devices from the network to prevent any of them from being used to launch an attack.
Florida K-12: Six previously unknown active POS devices
A large K-12 district in Florida was shocked to find 6 active point-of-sale (POS) devices on their network. Specifically, they found smartphones using mobile payment apps and mini mag stripes, all on the school network, which is a violation of school policy. The IT department had suspected that this could be happening without their knowledge but had no confirmation, so they turned to Armis. The Armis agentless device security platform provided them with real-time visibility, alerting them to the coming and going of these devices and identifying the apps on the devices and their traffic, along with the information necessary to hold people accountable for going against school policy.
More devices means the need for better asset inventory
K-12 school districts are relying more and more on connected devices, making them prime targets for cybersecurity compromise. Remote learning adds to the complexity of knowing what is on their network, which increases the chance of a ransomware or ransom-based attack by a bad actor going unnoticed. IT and security staff, which are typically small teams, need an effective way to gain complete real-time visibility in order to secure e-learning as well as connected devices on campus, without compromising the safety of sensitive personal data of students and educators.
Our agentless approach gives you the most robust cybersecurity asset management, letting you see all the devices in your environment and providing deep inspection into these devices along with real-time risk assessment and threat detection, so you can spend more time improving the faculty and student experience rather than worrying about malicious attacks on your network.
Want to know what devices are on your school network and what they are doing? Request a demo and learn how much Armis can let you see.
*** This is a Security Bloggers Network syndicated blog from Armis authored by Christopher Dobrec. Read the original post at: https://www.armis.com/resources/iot-security-blog/surprising-findings-k-12-vulnerabilities/