An advisory warns about Vice Society threat actors who increasingly target the education sector with cyberattacks.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint advisory detailing the tactics employed by the Vice Society hacking group.
The advisory suggests that the education sector is of particular interest to cybercriminals, with kindergarten through twelfth grade (K-12) institutions frequently falling victim to ransomware attacks. These incidents are expected to intensify in the 2022/2023 school year.
The consequences of these attacks range from restricted access to networks and data, delayed exams, and canceled school days to unauthorized access to, and theft of, personal information about students and staff. K-12 institutions usually hold particularly large amounts of sensitive information, which makes them lucrative targets for threat actors.
“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cybercriminals can still put school districts with robust cybersecurity programs at risk,” the advisory explains.
Vice Society is a hacking group that first appeared in the summer of 2021 and currently uses versions of the Hello Kitty/Five Hands and Zeppelin ransomware. The actors operate by gaining network access through compromised credentials, exfiltrating data for double extortion, and then deploying ransomware, threatening to publish the stolen information if the victim refuses to pay.
“Vice Society actors attempt to evade detection through masquerading their malware and tools as legitimate files, using process injection, and likely use evasion techniques to defeat automated dynamic analysis,” the advisory elaborates.
The advisory recommends that all institutions maintain encrypted offline backups of their data, review their security vulnerabilities and preparedness, monitor external remote connections, and implement a recovery plan.