Kaspersky Security Bulletin

Education predictions 2021

Changes in the education system have been brewing for a long time, with digitalization as the main direction of this transformation. The breakthrough came this year as about 1.5 billion students were unable to attend school due to the COVID-19 pandemic. As a result, educational systems all over the world underwent significant change. Educators were forced to master new tools like Zoom, while maintaining the quality of education as they taught online.

This digitalization of education is likely to continue, which is good and bad at the same time. On the one hand, there are new tools and possibilities including ones that were originally not associated with education at all. TikTok accounts used for online instruction are a good example. Initially, teachers shunned the platform, preferring YouTube instead, but in 2020, TikTok became a popular choice for distributing educational content. On the other hand, many of these new digital educational tools are both enhancing the educational experience and introducing new threats. Here are the ones most likely to pose the biggest risks in the coming year.

  1. Development of educational Learning Management Systems. LMSs enable teachers to track students’ learning process, showing their progress and aspects that require the teacher’s attention. While there already are several well-known systems (Google Classroom, Frog, etc.), the market for new LMS systems will only continue to grow.
    As the number and popularity of LMSs rises, the number of phishing sites associated with educational and videoconferencing services will grow, too. Their main goals are stealing personal data or spreading spam within the educational community. Already in the spring of 2020, 168,550 unique users encountered various threats distributed under the guise of popular online learning platforms or videoconferencing applications, a 20,455% increase when compared to 2019. In addition to that, LMSs open up the potential for new, unexpected threats, such as Zoombombing. Especially if schools continue to conduct remote learning, these systems will continue to be a popular attack vector.
  2. More attention will be paid to video services, such as Youtube, Netflix, SchoolTube, KhanAcademy, etc. There will be more creation of educational video content either existing as finished product or partially used by teachers in the classroom. In fact, about 60% of teachers already use YouTube in the classroom.
    While videos can be a powerful educational tool, there is also a lot of age-inappropriate content that can be found on popular video services (YouTube/TikTok/Instagram, etc.), and creators of this content may use educational topics to attract attention. This threat is not new, but with the growth of digitalization, its relevance will grow too.
  3. Use of social media tools in the educational process. Social media (Instagram, Twitter, etc.) can be a great way to encourage students’ engagement during and after classes, and serve as a way for teachers to connect with their students. However, there are threats relating to content regulation. Currently, teachers or service administrators have to manually regulate content in LMSs and videoconferencing applications – it is a big task. Moderating content on social media platforms or online group chats is an even bigger one – especially in public groups or chats. That paves the way for inappropriate content, offensive comments and cyberbullying.
    Privacy is another concern. A poorly configured application or service is a well-known way of compromising personal data, even without special tools or vulnerabilities. In our case, students and teachers can be victims of such attacks.
  4. Gamification of the educational process. Almost everyone at school already knows about learning with Minecraft, but apart from that game, there are many services that allow you to learn through playing (While True: Learn, Classcraft, Roblox, etc.). However, as soon as you incorporate games into the classroom, you expose students to the same types of risks they would be facing while gaming from home: trolls and bullying, malicious files disguised as game updates or add-ons, etc.

In fact, privacy will be the biggest concern in the near future. Managing it in any service requires the user’s involvement, but many users, especially younger children, do not know how to appropriately control their privacy settings. Also, there are many services that provide tools for setting up the educational process online, and educators will most likely be using more than one. As a result, for each tool and in each case, they will need to pay special attention to protecting not only their personal information, but also their students’ data.

Education predictions 2021

Your email address will not be published. Required fields are marked *

 

  1. Peter

    thank for the report and content, it is very useful one.

Reports

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Subscribe to our weekly e-mails

The hottest research right in your inbox