Education Top Target for Adware and Trojans

Education's greatest cybersecurity threat is the openness of its networks, according to a company that produces anti-malware software. According to a new analysis of its customer data, Malwarebytes has found that the education sector was the largest target for adware and trojans, and second among verticals for being hit with ransomware. Forty-three percent of threats on education devices were identified as adware, 25 percent as trojans and 3 percent as backdoors.

The analysis was done between January and June 2019 on devices identified as being in education settings around the world and running Malwarebytes' on-premise programs and cloud services. While the focus was on findings for the first half of 2019, the company also examined data collected in 2018 to understand the threat landscape of the 2018-2019 school year.

The most common adware families detected were SearchEncrypt, Spigot and IronCore. Together these comprised about 15 percent of the threats detected. The company considered the first two of those "relatively minor compromises."

The bigger concern was trojans. And according to the analysis, more than one in three compromises were detected on devices plugging in as a guest on the network. Trojans across all industries were on the rise last year, up 132 percent from the previous year. In education specifically, trojans represented nearly 30 percent of all detections in devices owned by schools. Also, the company reported, 33 percent of non-institution-owned devices carried trojans; in the United States specifically the share was 27 percent.

The most common trojans detected were Emotet, TrickBot and Trace, making up more than 11 percent of all compromises.

Emotet appeared to be even more pervasive among non-institution-owned devices (14 percent) than those owned by the institution (5 percent).

TrickBot, for its part, uses EternalBlue, one of the SMB vulnerabilities leaked by the ShadowBrokers Group last year, to exploit unpatched systems. Infected machines attempt to spread TrickBot laterally via brute force of domain credentials. TrickBot, which represented almost 6 percent of all identified compromises in education, was described by Malwarebytes as a "nasty information stealer that can download components for specific malicious operations, such as keylogging and lateral movement within a network."

The company warned that these two trojans "may be even more pervasive than the metrics indicate." If its own technology didn't stop certain activities in their tracks, the counts could be doubled. Those include flagging malicious PDF or Office documents containing hidden scripts that have been opened or a manual script such as PowerShell that has been activated. "If these detections were, indeed, the result of further attempts at spreading Emotet or TrickBot, then Trojan detections may actually represent up to 40 percent of all detections in the industry," the company noted.

"Because of their network-hopping use of brute force attacks and use of exploits, education is particularly vulnerable to these particular attacks, due to the huge volume of guest devices connecting to their networks," the company concluded.

More detail is available on Malwarebytes' blog.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
