What School Administrators & IT Directors Should Know About Distributed Denial-of-Service (DDoS) Attacks
After an extended period of mandated online learning, most school administrators and IT directors have developed a heightened awareness when it comes to network security issues. However, even for the schools best-positioned to pivot to digital instruction, there were some unanticipated problems.
At one private K-12 academy, the problem was that one of its students taught themselves how to launch Distributed Denial-of-Service (DDoS) attacks that would shut down instruction completely for extended periods. And what the school administrators found out, to their surprise, is that it’s very easy for anyone to launch DDoS attacks. In fact, according to The 2021 Imperva Global DDoS Threat Landscape Report, there’s a growing trend of unskilled perpetrators launching DDoS attacks.
A DDoS attack is a malicious attack that overwhelms a network with a massive flood of requests. In 2020, the NETSCOUT Threat Intelligence report counted 4.83 million DDoS attacks in the first half of the year. The attacks became even more prevalent in 2021, with NETSCOUT reporting an 11 percent increase over the same period in 2020.
In this case, the student had figured out how to schedule and launch a DDoS attack that would cripple the school’s network and infrastructure, shutting down all instruction, as well as back-office functions like billing, payroll, and even cafeteria fees.
Eventually, after the school’s local internet provider and various vendors proved unable to troubleshoot the cause of the outages, an arduous process undertaken by the director ruled out internal issues. The two-man IT team at the school knew by then that it had to be malicious attacks causing the hours and hours of network downtime the school suffered through.
As it turned out, the culprit was a 12-year-old student in the school’s 9th grade. When the school was fully remote, the student was unsupervised at home. When the school came back to full in-person learning, that was when the malicious attacks really began to ramp up.
The student had evidently been cheating to pull straight A grades while at home, and when he returned to school could no longer access the tools he used to cheat. As a result, his grades plummeted. That was when he began to shut the entire network down during school days, particularly test days, in the hopes the school would allow students to finish the assignment at home.
Using easily-found and inexpensive DDoS attacks from a seemingly legitimate website, and direction from online resources, the young boy could shut down the entire school whenever he felt like it. And he felt like it for about 160 instructional hours in the spring semester of 2021.
Through the observations of an alert teacher, the school had been able to identify one boy in particular acting suspiciously. They immediately used an existing service the school had to determine if, and how, the boy was pulling off the attacks. “We noticed he was hitting a site that operated under the guise of a legitimate service providing attacks against IP addresses for IT professionals to stress test their networks. So we paid $10 to that site for a DDoS attack to last for about 10 seconds. Within minutes, we were able to push a DDoS attack towards our public IP address,” he explains.
The school immediately reached out, and had a fiber network installed, fully monitored, and with DDoS-specific protection. That did the trick, and the school has suffered no attacks since the implementation, allowing instruction and all back-office functions to operate with no outages.
The underlying question that nags at me is, how many schools out there today are wide open to this sort of simple, yet effective, malicious attack? Perhaps it’s time for your school to undergo a review of its network security initiatives.