Overview:
Des Moines Public Schools district was hit with a recent cyberattack.
Technical Summary:
The largest school district in Iowa Des Moines Public Schools was forced to cancel all their classes on Tuesday after taking all network systems offline due to unusual activity on their network. The announcement for the cancelation was published on Monday when the district added that athletics and activities were still scheduled to take place.
Also, important tools that support the school district operations are unavailable at the time the article was published which led to the main decision of the district to cancel school for the day.
The impact and nature of the attack have not yet been revealed but other notable Iowa school districts including the Cedar Rapids Community School District, the Davenport Community School District, and the Linn-Mar Community School District, were all targeted in ransomware attacks in 2022.
Attack Tactics, Techniques & Procedures:
Impact (TA0040)
- Data Manipulation (T1565)
- Data Destruction (T1485)
- System Shutdown/Reboot (T1529)
Resource Development (TA0042)
- Compromise Accounts (T1586)
- Stage Capabilities (T1608)
- Compromise Infrastructure (T1584)
Exfiltration (TA0010)
- Exfiltration Over C2 Channel (T1041)
Privilege Escalation (TA0004)
- Exploitation for Privilege Escalation (T1068)
- Valid Accounts (T1078)
Affected Assets & Organizational Impact:
The nature of the attack has not been disclosed yet but in 2022 multiple Iowa school districts were hit with a ransomware attack. The education sector as a whole in 2022 was hit with a total of 89 organizations in the U.S. including 44 universities and colleges and 45 school districts.
Mitigation & Response:
No mitigation at this time has been revealed, the attack is still in its early stages and its nature of it has not been disclosed. In November 2021, several U.S. senators urged the U.S. Departments of Education and Homeland Security to beef up cybersecurity protections at K-12 schools across the country.
Sincerely,
Dominic Alegrete
#CyberXE #CyberLeadersStartHere