Today’s cybercriminals are no longer driven solely by financial gain, the geopolitical impact of attacks has shifted with nation-state actors now targeting critical infrastructure. While Local Governments have long been a part of this, schools have also become key targets, especially after COVID-19. The pandemic’s disruption to education has left a lasting impact, making attacks on schools and Local Governments both physically and psychologically significant. These institutions, essential to society, are under siege not just for their sensitive data but for their societal importance. With advanced capabilities and financial backing, nation-state actors are accelerating their efforts, heightening the urgency for robust cybersecurity.
Why Threat Actors Target Local Government and Education
Local Governments are frequent cyberattack targets due to their political significance and the essential services they provide. When one city is attacked, neighboring cities often become hyper-vigilant, particularly smaller municipalities managing critical services like water supply. These vital functions make them high-value targets. While financial institutions are seen as obvious targets for their direct connection to money, Government agencies hold more financial value than many realize. The stakes are even higher when political positions are involved, making Local Governments attractive to financially motivated attackers and nation-state actors seeking leverage.
Education has also become increasingly vulnerable. Schools were initially targeted for geopolitical reasons, with attackers seeking to influence the “hearts and minds” of society by disrupting education. However, cybercriminals discovered the financial value of student records, which are worth more on the dark web than credit card or healthcare information due to students not checking their credit scores. This extended window for identity theft, combined with the vast amount of data schools hold, makes educational institutions prime targets for cybercriminals.
Both Local Governments and schools face shared challenges in defending their systems. For Governments, Supervisory Control and Data Acquisition (SCADA) networks that manage infrastructure are often isolated but still present large attack surfaces due to their distributed nature. Schools, on the other hand, struggle with the complexity of students bringing their own devices, which introduces uncontrolled entry points into the network. These vulnerabilities make Local Government and education uniquely attractive and susceptible targets in the cyber landscape.
Two Main Attack Vectors: Phishing and Infostealers
Cybercriminals use various tactics to infiltrate Local Governments and schools, exploiting both technological weaknesses and human behavior. People are often the weakest link, making them prime targets for attackers. The rise of artificial intelligence (AI) has further advanced these attacks, making them more difficult to detect. While agencies and schools cannot fully eliminate the risk through training alone, understanding these evolving threats can significantly reduce the chances of successful attacks.
Phishing and information stealing are two of the most prevalent methods used by cybercriminals. Research from Lumu Technologies shows that phishing accounts for 52% of attacks, while information stealing makes up 48%, illustrating their near-equal presence as cyber threats.
Phishing
Phishing is often used to gain initial access into a network, accounting for approximately 90% of attacks. By tricking users into clicking malicious links or downloading malware, attackers establish a presence in the system. The preliminary malware allows them to move laterally, escalate privileges and locate sensitive data. Attackers either sell the data or use it to launch ransomware attacks. In ransomware scenarios, the attacker takes control of the network, encrypts critical data and issues a ransom demand. Phishing is thus the starting point for a larger chain of events leading to data theft and/or financial extortion.
Information Stealing
Infostealers are designed to capture sensitive information, often to sell on the dark web or to facilitate ransomware attacks. Like intelligence operations, they collect data to spread through an environment or identify new attack points. Keyloggers record keystrokes to capture usernames and passwords for unauthorized access. Other methods include form grabbers, which intercept forms and alter them, and browser hijackers, which mimic legitimate sites to bypass multi-factor authentication. Sensitive data from Local Government and education sectors is highly valuable, with threat actors intensifying efforts to exploit it for profit.
In addition to phishing and infostealers, cybercriminals continually find new ways to exploit technology and human behavior, such as man-in-the-middle (MITM) attacks, credential stuffing and supply chain attacks. These often-overlooked attack vectors can cause significant damage to agencies and schools. Recognizing these methods is crucial for developing comprehensive defenses.
Why These Attack Methods are Successful
These attack methods succeed against Local Governments and schools due to the constantly evolving nature of cyber warfare. Like traditional warfare, attackers adapt, finding new ways in after one vulnerability is closed. Defenders must be equally dynamic.
Even with security measures like Endpoint Detection and Response (EDR), attackers find ways to bypass them. EDR relies on behavior analysis, which takes time, while attackers use advanced AI to quickly develop new methods. Local Governments and schools are often slower to adapt, giving attackers an advantage. The challenge is not just implementing security measures but continuously evolving defenses to keep up with new threats.
AI Versus AI
In the battle against evolving cyberattacks, Local Governments and schools must leverage advanced technologies like AI and automation. As attackers adopt AI to improve the sophistication and speed of attacks, defenders need equally powerful tools. Cybercriminals use AI to bypass traditional defenses, identifying weaknesses faster than humans can.
To keep up, Local Government and education sectors must deploy AI-driven systems to detect threats in real time. AI helps identify vulnerabilities, enabling proactive defense, while automation blocks threats at machine speed. For smaller institutions with limited resources, automation is especially crucial to defend against attacks effectively.
In a landscape where cyber threats continually evolve, matching the speed and sophistication of attackers is crucial for a strong cyber defense. Government agencies and educational institutions must stay vigilant, leveraging AI and automation to outpace attackers and protect the critical infrastructure and data that comprise the foundation of society.
Discover the latest trends in cyberattacks and learn how AI and automation are reshaping the fight against modern cybercriminals in Lumu Technologies’ webinar, “Emerging Cyber Attack Trends Targeting Local Government & Education.”
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Lumu Technologies, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.
