With millions of students potentially studying from home due to the COVID-19 pandemic, cybercriminals have shifted their efforts towards exploiting the applications that Australia’s more than 3.9m students rely on most.

Microsoft’s Office 365 (O365) software-as-a-service (SaaS) tool, which has become the go-to productivity suite across many schools and universities, has become a particularly popular target.

Trend Micro, for one, recently reported catching over 868,000 high-risk emails targeting 210,000 O365 users last year.

Expect it to get even worse.

Cybercriminals are also watching the exploding use of school and work-focused video collaboration platforms like Zoom and Microsoft Teams, tapping vulnerabilities new and old to target users in the digital spaces where they now work and learn.

Authorities have warned about cybercriminals targeting the virtual private network (VPN) tools used by remote workers and students for secure logins – but “many companies are simply not ready for an attack on this vector,” Attivo Networks chief deception Carolyn Crandall noted.

“With VPN split-tunnelling, which is used to separate home and corporate traffic, remote workers won’t have existing network protections such as web filtering, firewalls, or intrusion detection systems,” she said.

“Attackers will target users accessing corporate networks and SaaS applications with unmanaged systems, and will seek to compromise the systems of those whose security needs updating.”

Crash course in security

Escalating cybercrime attacks have left already-overextended parents adding Chief Security Officer to their growing roster of job titles – forcing many into crash courses on cybersecurity while trying to maintain rigorous home-schooling schedules, and amuse students looking online for study aids and entertainment.

Even during their downtime hours, email-security firm Proofpoint recently noted that entertainment-hungry Australian students are being hit with an array of malware, credential-phishing and password-stuffing attacks – with streaming credentials sold on underground markets.

With figures suggesting the number of registered phishing websites grew by 350 per cent in recent months, the threat has gotten so serious that no less than the World Health Organisation has weighed in on the situation.

Given the fundamental importance of continuous online communications – and the increasing amount of time spent online during the pandemic – the WHO warned that “inadvertently risky Internet behaviour increases with more time spent online.... users could fall for ‘free’ access to obscure websites or pirated shows, opening the door to likely malware and attacks.”

Getting schooled on malware

Many students have been unwittingly introducing malware infections by downloading digital versions of classroom materials, often sent unsolicited by scammers who take over the inboxes of peers.

One recent Kaspersky Labs analysis said the firm’s tools had intercepted potential infections from 234,000 downloaded essays and 122,000 textbooks – with English (2080 attempted downloads), maths (1213) and literature (870) the most commonly downloaded files.

Digital resources were, Kaspersky researchers found, most commonly infected with Stalk – a self-propagating worm that can spread over local networks and email, both tremendously productive infection vectors in school environments.

Students are also flocking to COVID-19-related resources – making them even more likely to respond to the exploding volumes of coronavirus-themed phishing emails.

Proofpoint research found that coronavirus-related phishing lures currently account for more than 80 per cent of all malware, with half a million emails containing over 300,000 malicious URLs, 200,000 malicious attachments and over 140 distinct phishing campaigns.

The Australian Cyber Security Centre (ACSC) has been watching surges in COVID-19 related cybercrime with concern, with acting head Karl Hanmore noting reported scam losses of $1m per day and warning families to “be cyber alert but not cyber alarmed.... these reprobates are out there doing this [and] they’re just after our money.”

Yet with many Australians already beginning to tire of isolation and turning to digital channels for entertainment and communication – surging usage has forced Netflix and YouTube to reduce bandwidth consumption and Microsoft and Sony to shift multi-gigabyte game downloads to off-peak times – students and their parents must be wary of the increased likelihood of being compromised or scammed.

“A cyberattack that deprives organisations or families of access to their devices, data or the Internet,” the WHO warns, “could be devastating and even deadly.”