Can’t hardly wait—to get hacked.

School systems around the country are increasingly the target of threat actors who see the learning institutions as soft targets. For IT workers who are already overstretched in their positions within school systems, that means headaches on top of headaches.

“Threat actors believe schools are vulnerable and [with] underfunding, they think they’re good targets,” John Genter, VP of security and cloud operations at edtech security firm Lightspeed Systems, said during a webinar on school cybersecurity on October 20.

Strategy first. The first thing you need is a strategy, added panelist Troy Neal. Neal, who is the executive director of cybersecurity and technology operations at Houston area Spring Branch Independent School District, listed off the precautions he takes.

“I’ve got a five-tier strategy. I’ve got air-gap solutions, and our [colocation], and our [disaster recovery] site. I’ve got good old USB hard drives that are…critical. I’ve got a cloud copy as well, in multiple cloud providers, also validating the backups,” Neal said. “But I mean, overall, you gotta start with a strategy and a roadmap.”

Part of that roadmap is staff awareness—it’s the best method to combat attacks. Neal said that his team uses a “very stringent onboarding process for software” that tries to address any and all data breach holes and demands the same of vendors.

But those vendors can be a source of weakness for bad actors looking for vulnerabilities, Genter said. School districts for the most part are required to publish information on both vendors and apps on their sites—public information that can open the door to attacks.

Read about it here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @EoinHiggins_ on Twitter.

Even though slide decks are rarely interesting, hackers still consider PowerPoint a lure, and are tinkering with the different ways that the popular Office tool hides malware.

A September report from the cybersecurity company DuskRise revealed a PowerPoint attack that triggers when an end-user begins presentation mode and moves the mouse. The specific activation steps suggest that the group linked to the tactic—the Russian-based APT28, aka “Fancy Bear”—is experimenting beyond the traditional PowerPoint tactic of hiding macros.

“For the attackers, their old, reliable way of being able to gain code execution on the system has now drastically gone down. And so the PowerPoint mechanism is just one of many different ways that we see attackers trying to test out what’s going to be the next effective way and reliable way to get that code execution on the box,” said Jason Rebholz, CISO at Corvus Insurance.

Getting extra steps in. Malware-laden PowerPoints have been around almost as long as introductory slides with the message, “He who fails to plan is planning to fail.”

PowerPoint payloads were on the rise in 2021 and showed up again in February of this year to change Windows registry keys.

The traditional attack path: A spam email containing a malicious .ppt attachment is opened and sets off the malicious code.

The details revealed by DuskRise demonstrate a few extra steps: The mouse-hovering activates a PowerShell script that downloads and executes an extraction program, or “dropper,” from OneDrive. The dropper downloads a payload that injects Graphite into itself—which only sounds like being stabbed with a pencil. Graphite is malware that uses the Microsoft Graph API and OneDrive for command-and-control communications.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

Today’s top IT reads.

Stat: 0.3%. The paltry amount the Bureau of Labor Statistics says US business productivity rose over the last quarter, possibly due to return-to-office mandates. (Computer World)

Quote: “I’m especially sorry to those impacted.”—Mark Zuckerberg, on mass layoffs at Meta (The Street)

Read: MIT researchers attempt to “immunize” images in the fight against AI deepfakes. (Gizmodo)

Builder’s paradise: Every company is a software company now, and with over 90 million developers, GitHub is the place for anyone from anywhere to build anything. Find a plan that works for your team here.*

^{*This is sponsored advertising content.}