Ajay Unni, Founder and CEO, StickmanCyber, was in conversation with Chris Griffith, exploring the possible causes for the cyberattack on NSW Department of Education.
Read the full article below as featured in The Australian.
The NSW Department of Education is working to restore online access to teachers and students after a debilitating cyberattack that threatens to disrupt students working online next week.
The cyberattack came at the worst time in NSW with greater Sydney and surrounding regions continuing in lockdown for another week with classes resuming next Tuesday.
The cyberattack hit on Wednesday. Teachers across the state were initially told the outage was for a system upgrade in an email that warned them computer systems would be subject to maintenance, an issue that added to the confusion.
“To ensure the department is well placed in continuing to support remote teaching and learning, we will be undertaking essential system upgrade activities,” the department said in its email to staff seen by The Australian.
“These upgrades may result in some service and access disruptions over the next couple of days. During this time we encourage you to go to our website for all information and updates.”
The NSW Department of Education has confirmed it had been a victim of a cybersecurity attack, but hasn’t said if the attack centred on ransomware, other malware, or whether student records had been at risk of being stolen.
Mark Lukie, Sales Engineer Manager, APAC, Barracuda Networks said the sheer amount of personal information held by education government departments, schools and universities makes them an ideal hacking target. “At the same time, the substantial shift towards remote learning and e-learning has made them even more vulnerable and appealing to nefarious players.”
Simon Howe, Vice President Asia Pacific Sales, LogRhythm, said the education sector continued to be a top target for cyberattacks. “The increased reliance on e-learning has made schools in Australia and many other countries an even bigger target of opportunity than before as the stakes are higher and worth more money.
“If the technology is taken down, lessons come to a complete standstill. This will likely not be the last attack targeting schools.”
When asked about the nature of the attack, the Australian Cyber Security Centre would only say it was aware of a cyber incident and “was providing advice and assistance”. It didn’t offer further details.
The NSW Department of Education said it deactivated internal systems as a precaution.
NSW Education Secretary Georgina Harrisson said the department’s priority was the safety and security of its student and staff data, and it had made the precautionary decision to take some systems offline while it investigates further.
“The timing of this creates considerable challenges for staff as we prepare for the start of term 3,” Ms Harrisson said.
Department of Education and Cyber Security NSW teams are working to ensure normal access is restored in time for the start of Term 3.
“Whilst we are confident all systems will be back online before Day 1, Term 3, we are making information to support home learning available on our public website so that preparations for the start of term can continue,” Ms Harrisson said.
She said the department was working closely with Cyber Security NSW and the issue had been referred to the NSW Police and federal agencies. Investigations are still underway to pinpoint the source of the attack.
Ajay Unni, founder and CEO of StickmanCyber and a member of the NSW Government’s 2020 Cyber Security Task Force, said the attack could involve ransomware or be a distributed denial of service (DDoS) attack designed to force systems offline.
“As the department was forced to deactivate its systems as a precaution, it seems like the attack was persistent and further investigation needs to be done to get to the bottom of the matter.
“If the department had monitoring, detection tools and threat hunting in place, such attacks could be identified and stopped before it created an impact of this scale.”
The department is yet to clarify the type of attack and whether teacher and student information had been exposed to hackers.