Schools in the United States are facing a wave of sophisticated phishing attacks, a recent report by cybersecurity firm PIXM reveals. The attacks target officials at large school districts and aim to bypass Multi-Factor Authentication (MFA) protections that were previously thought to be robust.
Two key groups, Tycoon and Storm-1575, have been identified as the main perpetrators behind these attacks. Both groups use social engineering techniques and sophisticated phishing methods to bypass MFA tokens and session cookies. They create customized login experiences and utilize various services like dadsec and Phishing-as-a-Service (PhaaS) to target administrator email accounts, deliver ransomware, and compromise Microsoft 365 credentials.
The attacks involve phishing emails that prompt officials to update passwords, leading them to encounter fake Microsoft password pages and enter two-factor authentication codes that allow attackers to bypass MFA protections. Common targets include Chief of Human Capital and finance and payroll administrator accounts, with some attacks attempting to infect machines with malicious scripts by altering Windows registry keys.
Schools are a high-priority target for ransomware gangs, with student data being a prominent prey of cybercrime. Over 900 schools have been targeted in recent cyber attacks, and data leaks have exposed sensitive records belonging to students, parents, and staff, raising concerns about student privacy and school safety. To protect against phishing attacks, organizations are advised to identify high-priority staff, invest in tailored awareness efforts, and implement proactive AI-driven protections at the browser and email layers.
