Monday I was reviewing emails, tickets, and tech news when I came across an article about LAUSD(Los Angeles Unified School District) and the ongoing ransomware attack. I decided to do some more digging and found an article on TechCrunch that did a decent job of breaking down what happened. I’ll reference the article here but if you want more information I’d recommend checking that out.
This is the second ransomware attack on a public school that I’ve looked at in the last 6 months. While the TTP(tactics, techniques, and processes) haven’t been fully disclosed yet, I’d wager in both cases this started as a phishing attack. Phishing attacks and email spoofing are becoming more frequent. In some cases, email spoofing has been used to mark an email as spam in filters, like an email DOS(Denial of Service) attack. In others the spoofing is used to look legitimate to the end user, even using known and trusted email servers like Google’s SMTP send. Unfortunately filtering alone isn’t enough, we also need to work to train our end users to look for telltale signs, and this can be hard.
Sure, there are companies like KnowBe4 that offer training services, and there are quite a few businesses that use them. With a tighter budget for public schools, a starting point might be to suggest folks take Google’s Phishing Quiz to get familiar with some of the basics. Starting with end-user phishing training is important.
Why? Because despite all the firewalls and filters the real first line of defense, and the most vulnerable, are our end users. If one person with a high enough level of access can be phished and pressured into allowing access to their machine, then all the firewalls and filters have failed and/or been circumvented and we have to close up shop while we figure out the extent to which information was leaked.
Most pen testers are schooled and have a knack for hacking/social engineering people. This is why it is just as important, if not more so, that we educate our end users and help everyone stay a little safer.