In December 2020, a group of cybercriminals going by the name of ALTDOS was discovered. The group has been found to be attacking businesses all over Southeast Asia, leaving a path of destruction and compromised systems wherever it goes. The group is still at large, with intentions of looting personal and sensitive information in order to demand ransoms from controllers or sell it on underground/dark web forums. Schools in Southeast Asia will most likely have heard of ALTDOS, and if they haven’t, chances are that at some point in the near future they will. What does ALTDOS mean for independent and international schools in Southeast Asia, and what can they do to mitigate the risk of their systems being compromised by an attacker?
What Methods are they using?
The primary method of attack that ALTDOS are using is ransomware. The process of a ransomware attack is as follows:
Ransomware FAQs
Should I pay the ransom?
Although it may seem like a quick way out of a complicated situation, paying the ransom is never recommended, as cybercriminals cannot be trusted and there is no guarantee that the encrypted and stolen data will be restored. The best thing to do when faced with a ransom demand is to inform all data subjects that are affected by the data breach. In many countries, it is a legal requirement for you to do so, and regulatory authorities must be notified as well. If data breach notification requirements are included in your local data protection regulations, you will need to follow the procedures and timeframes laid out in order to uphold compliance.
What do cyber criminals do with the stolen data?
When committing a ransomware attack, criminals are looking to gain from the data that they steal in any way possible, such as selling the personal and sensitive information on dark web forums. This data could even be parents’ credentials or online banking details. By stealing this information, attackers can either take money directly from the parents’ accounts, or make money by selling such credentials to others who wish to exploit them. With the reputational damage that can come from losing the banking credentials of parents at your school, it is in every school’s best interest to make sure that this type of data is highly protected from cybercriminals.
How do I detect whether a link/website is malicious?
There are multiple ways to detect whether a link or website holds malware that could compromise your systems:
If one or more of these apply to an email or text message that you have received, you should report it to the correct person within the school.
How do I prevent ransomware attacks?
When it comes to ransomware attacks, prevention is inherently better than a cure. Ensuring that there is a sufficient data privacy culture in your school will increase the protection of data subjects and their personal data. This can be achieved by training staff on how to identify malicious emails, texts and links, what a data breach is, what happens in the event of a ransomware attack, and who to report any potential issues to within the school.
Technical preventative measures are also necessary to avoid system compromise. The use of cyber vulnerability assessments and penetration testing can benefit your school by showing where the weaknesses are within your systems and giving a visual representation of what areas need strengthening. Performing this type of vulnerability assessment will promote appropriate levels of cyber hygiene in your school, and protect your student and staff data. External penetration testing will help your school further understand how systems would cope under a cyber attack, giving you insight into what areas need higher security. This way, security measures can be implemented to ensure that your systems are as protected as they can be from system infiltration.
ALTDOS are not the first group of cyber criminals of their kind; we see countless ransomware attacks going on worldwide continuously. This has also increased since the beginning of the pandemic due to distance learning and work from home technologies. However, if your school can ensure that its systems are hardened and secured, and everyone within the school is educated on what not to open or click, cybercriminal gangs such as ALTDOS will be more likely to be eradicated.
9ine’s services that will help you protect your school from ALTDOS
Due to a lack of formal, structured training for school IT professionals, 9ine has invested in creating a professional development course for those facing challenges in the area of system hardening. This will help schools to reduce vulnerabilities in their systems, and mitigate the risks associated with a cyber attack from criminals such as ALTDOS. We understand the current threat context for schools all over the world, which is why we have created the Tech Academy for tech teams to attend, learn, and leave with an instructional understanding of how to improve cyber security and IT systems performance at their school.
9ine’s Systems & Security Essentials subscription service aids schools in the hardening of their systems, ensuring that they are as protected as they can be from cybercriminals. A thousand-point checklist audit is conducted on your systems to ensure that every aspect of your network is tested for vulnerabilities. You will then be presented with a visual representation of where the weaknesses are within your systems, and preventative measures to ensure that you are able to mitigate the risks associated with the vulnerabilities that are found within the audit. This, alongside the help of 9ine’s expert tech consultants, will provide your school with the most effective system security possible. If you would like to know more about how 9ine’s Security & Systems Essentials can help protect your school from ALTDOS and other cybercriminals, talk to one of our experts to understand how you can make the most out of 9ine’s services.