Protecting Schools in Southeast Asia From ALTDOS Cyber Criminals

In December 2020, a group of cybercriminals that go by the name of ALTDOS were discovered. The Group has been found to be attacking businesses all over Southeast Asia, leaving a path of destruction and compromised systems wherever they go. The Group is still at large, with intentions of looting personal and sensitive information in order to request ransoms from controllers or sell it on underground/dark web forums. Schools that reside in Southeast Asia will most likely have heard of ALTDOS, and if they haven’t, chances are that at some point in the near future they will. What does ALTDOS mean for independent and international schools in Southeast Asia and what can they do to mitigate the risk of your systems being compromised by an attacker.

What Methods are they using?

The primary method of attack that ALTDOS are using is ransomware. The process of a ransomware attack is as follows:

• The attacker attempts to infiltrate your systems through a phishing email or text which has a hidden malicious software (malware). It could also be through a malicious website that they have created. The only way that infiltration can be successful is if the infected file is opened and thus downloaded onto your computer. 
• The malware sends a communication line back to the attacker allowing them to download even more malware to your systems. The malware can lay dormant for months before the attacker decides to act. 
• The attacker will then activate the attack, which can start with your back-up files to ensure recovery is unobtainable. 
• The attacker encrypts important files within your systems, these may include personal and sensitive information that you are processing for data subjects such as staff, students, and parents. The attacker may  encrypt individual files, or entire file systems within your network. 
• A ransom is asked of you in exchange for the recovery of your files. Recently, there has been a rise in time sensitivity, meaning that the attacker will give you a specific time frame in which you must pay the ransom. 
• You have to make a decision as to whether your school will pay the ransom, or try to recover the data that has been stolen through the breach of your IT systems.

Ransomware FAQs

Should I pay the ransom?

Although it may seem like a quick way out of a complicated situation, paying the ransom is never recommended as cybercriminals cannot be trusted and there is no guarantee that the encrypted and stolen data will be restored. The best thing to do when encountering a ransom is to inform all data subjects that are affected by the data breach. In many countries, it is a legal requirement for you to do so, and even regulatory authorities must be notified. If data breach notification requirements are included in your local data protection regulations, you will need to follow the procedures and timeframes laid out in order to uphold compliance. 

What do cyber criminals do with the stolen data?

When committing a ransomware attack, criminals are looking to gain from the data that they steal in any way possible, such as selling the personal and sensitive information on dark web forums. This data could even be parents credentials, or online banking details. By stealing this information, attackers can either take money directly from their account, or make money by selling such credentials to others that wish to exploit them. With the reputational damage that can come from losing the banking credentials of parents at your school, it is in every school’s best interest to make sure that this type of data is highly protected from cybercriminals. 

How do I detect whether a link/website is malicious?

There are multiple ways to detect whether a link or website holds malware that could compromise your systems:

• If it comes from a public email domain such as “gmail.com” - no legitimate organisation will send you an email from a public domain, this is a classic example of when infiltration is attempted through a phishing email.
• Check for misspellings in the domain name or in the email itself. Sometimes attackers will send emails with poorly written content as they believe that people who are likely to click on a link with spelling errors are less likely to notice clues that they are being scammed.
• Sometimes a phishing email or text will come to you with “CONGRATULATIONS!! You have won…” and announce that you have a short period of time to claim your prize/reward. Or maybe the email tells you that you need to log into your bank account immediately to revert an issue that will stop payments coming through. These things create a sense of urgency for the reader and encourage them to click on the link out of panic. 

If one or more of these apply to an email or text message that you have received, you should report it to the correct person within the school.

For all of the latest privacy and cyber trends, download our Education Privacy and Technology Magazine!

How do I prevent ransomware attacks?

When it comes to ransomware attacks, prevention is inherently better than a cure. Ensuring that there is a sufficient data privacy culture in your school will increase the protection of data subjects, and their personal data. This can be achieved by training staff on how to identify malicious emails, texts and links, what a data breach is, what happens in the event of a ransomware attack, and who to report any potential issues within the school.

Technical preventative measures are also necessary to avoid system compromise. The use of cyber vulnerability assessments and penetration testing can benefit your school by presenting where the weaknesses are within your systems and giving a visual representation of what areas need strengthening. Performing this type of vulnerability assessment will promote appropriate levels of  cyber hygiene in your school, and protect your student and staff data. External penetration testing will help your school further understand how systems would cope under a cyber attack, giving you insight into what areas need higher security. This way security measures can be implemented to ensure that your systems are as protected as they can be from system infiltration. 

ALTDOS are not the first group of cyber criminals of their kind, we see countless ransomware attacks going on worldwide continuously. This has also increased since the beginning of the pandemic due to distance learning and work from home technologies. However, if your school can ensure that its systems are hardened and secured, and everyone within the school is educated on what not to open or click, cybercriminal gangs such as ALTDOS will be more likely to be eradicated.

9ine’s services that will help you protect your school from ALTDOS 

Due to a lack of formal, structured training for school IT professionals, 9ine has invested in creating a professional development course for those facing challenges in the area of system hardening. This will help schools to reduce vulnerabilities in their systems, and mitigate the risks associated with a cyber attack from criminals such as ALTDOS. We understand the current threat context for schools all over the world, which is why we have created the Tech Academy for tech teams to attend, learn, and leave with an instructional understanding of how to improve cyber security and IT systems performance at their school.

9ine’s Systems & Security Essentials subscription service aids schools in the hardening of their systems, ensuring that they are as protected as they can be from cybercriminals. A thousand point checklist audit is conducted on your systems to ensure that every aspect of your network is tested for vulnerabilities. You will then be presented with a visual representation of where the weaknesses are within your systems, and preventative measures to ensure that you are able to mitigate the risks associated with the vulnerabilities that are found within the audit. This, alongside the help of 9ine’s expert tech consultants, will provide your school with the most effective system security possible. If you would like to know more about how 9ine’s Security & Systems Essentials can help protect your school from ALTDOS and other cybercriminals, talk to one of our experts to understand how you can make the most out of 9ine’s services.