Mac Malware to the front of the class please

Hackers are increasingly using ransomware to attack K-12 education institutions, particularly remote learning infrastructure. Here's what you need to know.

December 14, 2020 by Matthias Wollnik

Late last week, the US Cybersecurity & Infrastructure Security Agency (CISA) issued an alert that adversaries are increasingly attacking education institutions, particularly kindergarten through twelfth grade (K-12) remote learning infrastructure. Specifically, they pointed out a massive increase in ransomware attacks and distributed denial of service (DDoS) attacks, and a significant shift in malware. Digging into the last of these, they provided the following infographic, demonstrating that ZeuS and Shlayer are among the most prevalent malware affecting K-12 schools:

Where do the attacks originate?

Interestingly, the most frequently seen malware in K-12 education organizations is indicated to be Shlayer, a Mac-targeted malware designed to allow an attacker to manipulate the device and access information on it.

The security sphere has talked about Shlayer quite a bit this year:

Are Jamf Protect customers protected from these attacks?

Jamf Protect does identify and prevent known Shlayer attacks based on static and behavioral analytics.

It’s worth noting that this is one of the first times we’re seeing malicious groups of attackers target the macOS ecosystem over others. The swift shift to remote learning due to COVID increased the number of Apple devices in education at all levels. As Macs have become more common, and with attackers being creatures of opportunity, Macs now seem to be increasingly their target as they develop and deploy attacks against education institutions.

Apple has been great at providing a robust security baseline out of the box, but no software security mechanism is infallible. In the security space, a layered, defense-in-depth strategy has long been the standard approach to dealing with this. This new focus by attackers on Macs reinforces our belief that organizations need to ensure that their devices are rolled out in a secure state and use layers of security tools, such as our own Jamf Protect, to prevent known malware from slipping through.

Even then, there could still be successful attacks that need to be identified and remediated as quickly as possible.

What about training kids to be safe?

In corporate settings, we usually have another layer of defense easily available to us: cybersecurity training. Proper cybersecurity training for end users can be extremely beneficial in preventing attacks, because it makes end users aware of possible malicious attacks.

But finding cybersecurity training for children that will keep them engaged and informed can be a challenge. Beyond developing training in-house, CIS has published a list of cybersecurity resources that would be helpful for kids!

We at Jamf are always here to help you succeed with Apple, with education device management that assures the secure deployment and management of Apple devices and enhances your Mac security efforts.

See how Jamf Protect can tighten your school's security.
