The progress of the Roswell Independent School District’s recovery from a recent “spear-phishing” attack is being monitored.
Royce Braggs, RISD director of technology, gave a presentation on his department’s handling of the “malware attack” at the school board meeting on Sept. 10.
Superintendent Dr. Ann Lynn McIlroy gave a “shout-out” to the district’s 14-member IT team for handling the spear-phishing attack at 12:01 a.m. on Sunday morning during the Labor Day weekend. McIlroy said “over 12,000 devices” owned by the district have to be checked by the IT team, a process which is ongoing and may take “weeks to come.”
“We did detect it early and so we shut down everything, so we could contain it,” Braggs said. “So we have to contain and we have to eradicate it, then we restore and then we monitor. We’re at the position right now we’re in between exterminating the problem and restoring items …”
Braggs said the “very tedious process” has required technicians to check each device for contamination. He said the techs have been working “tirelessly” and the team accomplished getting the school’s Chromebooks up and running.
As of Monday, Chad Cole, RISD assistant superintendent of finance and operations, confirmed that phones are still being worked on, as are the administrative IT systems. Cole said PowerSchool, an education software application, was back last week and is continuing to be accessible for students.
Phishing is when a hacker tries to acquire personal information; Braggs used an example of a fake Bank of America email asking for a bank account number and password or requesting a password change.
“Spear-phishing is different,” Braggs said. “What they do is they’ll pretend like they’re the superintendent or they’re pretending like they’re Chad Cole and they will say, ‘Hey, I need you to get this done real quick’ and so they put pressure on somebody who’s underneath them. That person feels pressured to just get it done and they click on it or, they do something like that …”
Cole said the “top priority is to bring several networked software systems and thousands of connected hardware systems back up, without recontaminating” and to add “improved mechanisms to prevent and more rapidly recover from this and other future cyberattacks.”
The IT team will continue restoring and monitoring the aftermath of the cyberattack and Braggs added the next step to do a “deep analysis” to see where to “strengthen” the district’s IT security.
From her research, Board Secretary Dr. Kathleen Pittman said spear-phishing is a “common problem” nationwide and she saw that one school “declared a state of emergency” due to the severity of that attack. McIlroy added that Gadsen Independent School District and Taos Municipal Schools experienced something similar to the RISD cyberattack.
“Well it’s important to remember that this is not a dirty little hacker hiding in a dark room anymore,” Braggs said. “These are nation-state attacks, so you have issues like that come up that literally you have nations behind these attacks …”
After the analysis, educating RISD users is the next step and Braggs said they need to know when emails are credible or fraudulent. He said nothing can be done to prevent the phishing emails from being received.
The district has a warning that when emails originate outside of RISD, to “not click links or open attachments unless you recognize the sender and know the content is safe” and to “never give out your user ID or password.”
Braggs used an example of a phishing email pretending to be from McIlroy may say her name, but have .ru “which is Russia” instead of .us at the end of an email. A typical RISD email address has the RISD employee’s first-name initial and last name followed by ‘@risd.k12.nm.us.’
Local governments and schools are, as Cole said: “behind the curve in terms of IT security.”
“… We can definitely amp up the security, but then access becomes more difficult for our teachers, our staff and they want access to those lessons and things they can bring in, into the classroom and that’s understood,” Cole said. “So we’ve talked about some of those things and we’ll probably be approaching with some ideas on that and creating that balance that gives us a little more security.”
Special projects reporter Alison Penn can be reached at 575-622-7710, ext. 205, or at firstname.lastname@example.org.