What is a “Whaling Attack” and how can Schools Protect Themselves from one?

What is a “Whaling Attack” and how can Schools Protect Themselves from one?

Whaling.jpg

Email spam is a constant security problem for IT managers, especially in schools.  Email phishing attacks deceive users into clicking on a link that will then either ask for their credentials, download malware on to their machine, or both.

Many school districts’ IT managers depend on anti-malware products to keep their users safe. Although those products typically do their job, they struggle to filter out one specific cybersecurity threat: whaling attacks.

Cyberattacks in the K-12 environment are increasing, and understanding what whaling is, who it targets and how it can be prevented is critical.

The first step in understanding how to prevent “Whaling” is to understand what it is.  In a phishing attack, messages are usually customized for a user or organization, but are still a bulk attack. For instance, phishing attacks are emails sent to every address in a school in efforts to get at least one person to bite.

A whaling attack is much more specific. In a whaling email, users are specifically sought out, carefully chosen, and the email is completely customized. Because the level of personalization in a whaling attack is so sophisticated, anti-spam programs have a very difficult time blocking these emails.

Whaling messages are also not sent as a bulk attack. Usually in a whaling attack, because there is not a large volume of emails coming through, and the security program has never seen the sender’s address before, the clues just aren’t there for a cybesecurity program to detect a threat.

Whaling attacks have become more common, especially in K-12 environments because threat actors have easy access to targets. Targets are at a greater vulnerability in the educational environment as well.  It’s very easy to gain access to names and emails of top staff members in a school environment, so it makes it just as easy for attacks to select a specific target.

With the increase of at-home learning, whaling attacks have also increased. Traditionally, school districts are usually not as technically sophisticated as other organizations would be, and also typically don’t have a sufficient budget to spend on information security. These factors increase their risk of falling victim to a whaling attack.

A whaling attack can shut down day-to-day operations, compromise private staff and student data and more.  So what are the best ways for a school district to protect against the threat of a whaling attack?

Because it is so difficult for a program to block whaling attacks, the best defense is to make the attack itself ineffective. For example, a user can click on a dangerous link, but if credentials can’t be stolen an attack won’t be successful. IT managers can mitigate the issue of stolen credentials by enforcing two-factor authentication.  If a username and password aren’t enough to compromise a user’s account, then the whaling attack will not be successful. Two-factor authentication is the best way to thwart a whaling attack.

In the past, some K-12 IT managers have rejected two-factor authentication because of the high cost of managing the software. This idea should be reconsidered though, as it could save a lot of hassle.

App stores across different platforms offer several standard-based two-factor authentication applications. Using one of these applications is very simple and can be enabled quickly.

IT managers, with the help of endpoint security tools and two-factor authentication, can mitigate the threat of whaling attacks.

 

Story via EdTech Magazine

Kaseya’s IT Software Platform used in REvil Ransomware Attack demanding $70 Million

Kaseya’s IT Software Platform used in REvil Ransomware Attack demanding $70 Million

Amazon Prime Day Sales Up Despite Supply Chain Issues

Amazon Prime Day Sales Up Despite Supply Chain Issues