Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

Kaspersky warns against cybercriminals offering grade-hacking services and fake qualifications

By Raymond Lau - on 26 Jun 2019, 4:00pm

Kaspersky warns against cybercriminals offering grade-hacking services and fake qualifications

Image source: Kaspersky

There are several ways to ace school exams. There’s the tried and tested way of actually studying for them, or you can try a number of less savory methods like hacking into your school’s computer system or buy education qualifications outright.

Kaspersky recently found an uptick in the latter as the summer exam season rolls around, prompting a short but interesting look into the world of grade-hacking and fake qualifications.

“Reports of young people breaking into school systems to change grades, improve attendance records or disrupt test processes are not new, and nor is the availability of fake certificates and diplomas. Over the years, a thriving underground industry has grown up to facilitate cheating when it comes to academic achievements. This includes discussion fora and how-to guides and videos.”

For example, if your school uses a learning management system (LMS) or similar solution like PowerSchool, they can be prone to vulnerabilities that expose certain information, potentially even school grades. Students may also not be particularly good at creating secure account passwords or adept at security best practices, putting them at risk of phishing attacks.

Kaspersky recommends the following measures to safeguard systems and young people against education fraud:

  • If a qualification looks suspicious, check with the issuing institution as they will have the official record of who achieved what.
  • Introduce some form of two-factor authentication for information systems, especially web-based ones, and particularly for access to student records, grades and assessments. Set strong and appropriate access controls, so that it is not easy for a hacker to move laterally through the system.
  • Run security awareness training for staff, explaining how to securely implement and use passwords.
  • On campus, have two separate and secure wireless networks, one for staff and one for students, and another one for visitors if you need it.
  • Don’t be tempted to put everything online or on the web-based portal if it doesn’t need to be there. Introduce and enforce a robust staff password policy and encourage everyone to keep their access credentials confidential at all times.
  • Use a reliable security solution for comprehensive protection from a wide range of threats.

Read the full blog post here.

Source: Kaspersky