A school district recently fell victim to a sophisticated phishing attack in which cybercriminals used AI to gather and weaponize publicly available information, leading to the theft of funds intended for a construction vendor.
The current threat landscape: AI tools are enabling cybercriminals to create more convincing phishing attacks against schools by automatically collecting and analyzing public information from district websites and documents.
- Bad actors can now launch more sophisticated attacks with fewer detectable errors by using AI to process information from school board minutes, budget reports, and other public documents
- The combination of AI tools and abundant public information makes schools particularly vulnerable targets
- Cybercriminals can create highly convincing impersonations of legitimate vendors or staff members using accurate details harvested from public sources
Anatomy of a recent attack: A large public school district became a victim when criminals exploited its vendor self-service billing portal using publicly available information about construction contracts.
- Attackers successfully posed as a legitimate construction vendor using accurate details about ongoing projects gleaned from public records
- After gaining access to the billing portal, the criminals redirected payments by changing the vendor’s bank account information
- The absence of functioning multifactor authentication (MFA) on the portal enabled the attack to succeed
- A nearby district had suffered an identical attack months earlier, but legal restrictions on sharing cyber incident information prevented warnings from being issued
Key defensive measures: Technology experts recommend several critical steps to protect school districts from AI-enhanced phishing attempts.
- Implementation of MFA across all district systems and portals is essential
- External emails should be clearly labeled to help users identify potential threats
- Districts should establish confidential channels to share information about cyber threats with other schools
- Public information sharing should be limited, with sensitive details moved behind MFA-protected portals
- Staff email addresses should be protected using internal filtering systems rather than posted directly online
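An added example, not from the article or any district's systems: a review of vendor-portal audit events that flags bank-detail changes made in a session that did not pass MFA, plus any payment later sent to that changed account, which is the sequence described in the attack above. The event schema, vendor IDs, account labels and the 30-day review window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events; field names are assumptions, not a real portal's schema.
EVENTS = [
    {"ts": "2024-03-01T09:12:00", "type": "login", "vendor": "V-1001", "session": "s1", "mfa": True},
    {"ts": "2024-03-01T09:15:00", "type": "bank_change", "vendor": "V-1001", "session": "s1", "account": "ACCT-A2"},
    {"ts": "2024-03-04T14:02:00", "type": "login", "vendor": "V-2002", "session": "s2", "mfa": False},
    {"ts": "2024-03-04T14:05:00", "type": "bank_change", "vendor": "V-2002", "session": "s2", "account": "ACCT-B9"},
    {"ts": "2024-03-10T08:00:00", "type": "payment", "vendor": "V-2002", "account": "ACCT-B9", "amount": 184000},
    {"ts": "2024-03-10T08:01:00", "type": "payment", "vendor": "V-1001", "account": "ACCT-A2", "amount": 52000},
]

REVIEW_WINDOW = timedelta(days=30)  # assumed review period after a bank-detail change


def review_events(events):
    """Return findings for bank changes made without MFA and payments that follow them."""
    session_mfa = {}    # session id -> whether the login passed MFA
    risky_changes = {}  # (vendor, account) -> time of a change made without MFA
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "login":
            session_mfa[ev["session"]] = bool(ev.get("mfa"))
        elif ev["type"] == "bank_change":
            # A missing or unknown session is treated as not MFA-verified (fail closed).
            if not session_mfa.get(ev.get("session"), False):
                risky_changes[(ev["vendor"], ev["account"])] = ts
                findings.append(("BANK_CHANGE_WITHOUT_MFA", ev["vendor"], ev["account"]))
        elif ev["type"] == "payment":
            changed = risky_changes.get((ev["vendor"], ev["account"]))
            if changed is not None and ts - changed <= REVIEW_WINDOW:
                findings.append(("PAYMENT_TO_UNVERIFIED_ACCOUNT", ev["vendor"], ev["account"]))
    return findings


if __name__ == "__main__":
    for finding in review_events(EVENTS):
        print(*finding)
```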
Looking ahead: The evolving security paradigm: The combination of public disclosure requirements, limited cybersecurity resources, and restrictions on sharing incident information creates unique challenges for school districts facing increasingly sophisticated AI-powered threats.
- This security environment requires a careful balance between transparency requirements and protective measures
- Districts must evaluate their current information sharing practices while maintaining compliance with public disclosure laws
- More sophisticated approaches to protecting public information may be needed as AI tools become more advanced
Anatomy of a Phishing Attack: How AI Helps Cyber Criminals Rob Schools