Education Top Target for Adware and Trojans

digital trojan horse

Education's greatest cybersecurity threat is the openness of its networks, according to a company that produces anti-malware software. According to a new analysis of its customer data, Malwarebytes has found that the education sector was the largest target for adware and trojans, and second among verticals for being hit with ransomware. Forty-three percent of threats on education devices were identified as adware, 25 percent as trojans and 3 percent as backdoors.

The analysis was done between January and June 2019 on devices identified as being in education settings around the world and running Malwarebytes' on-premise programs and cloud services. While the focus was on findings for the first half of 2019, the company also examined data collected in 2018 to understand the threat landscape of the 2018-2019 school year.

In the area of adware, the most common adware families detected were SearchEncrypt, Spigot and IronCore. Together these comprised about 15 percent of the threats detected. The company considered the first two of those "relatively minor compromises."

The bigger concern was trojans. And according to the analysis, more than one in three compromises were detected on devices plugging in as a guest on the network. Trojans across all industries were on the rise last year, up 132 percent from the previous year. In education specifically, trojans represented nearly 30 percent of all detections in devices owned by schools. Also, the company reported, 33 percent of non-institution-owned devices carried trojans; in the United States specifically the share was 27 percent.

The most common trojans detected were Emotet, TrickBot and Trace, making up more than 11 percent of all compromises.

Emotet appeared to be even more pervasive among non-institution-owned devices (14 percent) than those owned by the institution (5 percent).

TrickBot for its part uses EternalBlue, one of the SMB vulnerabilities leaked by the ShadowBrokers Group last year, to exploit unpatched systems. Infected machines attempt to spread TrickBot laterally via brute force of domain credentials." TrickBot, which represented almost 6 percent of all identified compromises in education, was described by Malwarebytes as a "nasty information stealer that can download components for specific malicious operations, such as keylogging and lateral movement within a network."

The company warned that these two trojans "may be even more pervasive than the metrics indicate." If its own technology didn't stop certain activities in their tracks, the counts could be doubled. Those include flagging malicious PDF or Office documents containing hidden scripts that have been opened or a manual script such as PowerShell that has been activated. "If these detections were, indeed, the result of further attempts at spreading Emotet or TrickBot, then Trojan detections may actually represent up to 40 percent of all detections in the industry," the company noted.

"Because of their network-hopping use of brute force attacks and use of exploits, education is particularly vulnerable to these particular attacks, due to the huge volume of guest devices connecting to their networks," the company concluded.

More detail is available on Malwarebyte's blog.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • AI robot with cybersecurity symbol on its chest

    Microsoft Adds New Agentic AI Tools to Security Copilot

    Microsoft has announced a major expansion of its AI-powered cybersecurity platform, introducing a suite of autonomous agents to help organizations counter rising threats and manage the growing complexity of cloud and AI security.

  • college building with a central domed rotunda, arched windows, and columns, overlaid with glowing blue circuit patterns

    Kishwaukee College Moves to Ellucian Colleague SaaS

    Illinois's Kishwaukee College is modernizing its administrative systems with an Ellucian Colleague SaaS rollout that will bring AI-powered tools to human resources, finance, and student management.

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • SXSW EDU

    SXSW EDU 2025 on Higher Education and Ever-changing Technology

    Join education's most passionate community this March 3-6, 2025 at a special 15th-annual SXSW EDU Conference & Festival in Austin, Texas.