The attack hit following a directive from the state government for schools to return to remote learning.
According to the Department in response to the attack, a number of internal systems have been deactivated as a precaution and have been unavailable since late Wednesday.
NSW Education Secretary Georgina Harrisson said the Department’s priority is the safety and security of its student and staff data, and it has therefore made the precautionary decision to take some systems offline while it investigates further.
"The timing of this creates considerable challenges for staff as we prepare for the start of Term 3,” Harrisson said.
“Thankfully, our teams have been able to isolate the issues and we are working to reactivate services as soon as possible.”
Harrisson said Department of Education and Cyber Security NSW teams are working to ensure normal access is restored in time for the start of Term 3.
“I am confident we will have the issue resolved soon and want to reassure teachers and parents that there will be no impact on students learning from home next week,” Harrisson said.
"Whilst we are confident all systems will be back online before Day 1, Term 3, we are making information to support home learning available on our public website so that preparations for the start of term can continue."
Harrisson said as well as working closely with Cyber Security NSW to resolve the issue, the department has referred the matter to the NSW Police and federal agencies.
“As the matter is under investigation, it is inappropriate to make any further comment,” Harrisson concluded.
The security attacks on the NSW Department of Education drew comments from key players in the secrity sector - Barracuda Networks, LogRhythm and WatchGuard Technologies.
“The sheer amount of personal information held by education government departments, schools and universities makes them an ideal hacking target. At the same time, the substantial shift towards remote learning and e-learning has made them even more vulnerable and appealing to nefarious players,” said Mark Lukie, Sales Engineer Manager – APAC, Barracuda Networks.
“During 2020, our researchers found that educational institutions are more than twice as likely to be targeted by business email compromise (BEC) attacks than an average organisation. In fact, more than one in four spear-phishing attacks that we saw targeting the education sector was a carefully crafted BEC attack.
“Both public and private sector organisations of all sizes are susceptible to web application, volumetric attacks and ransom demands at crucial times. We believe in the benefits of cloud augmented security to help educational organisations mitigate risk against modern attacks and allow for scalability and agility. Having the appropriate technology components in place that support ongoing business and operations functionality while also ensuring core applications and data are secure is the critical challenge.”
Simon Howe, Vice President Asia Pacific Sales, LogRhythm commented: “The education sector continues to be a top target for cyberattacks. As we have witnessed over the past few months, threat actors are still at large implementing cyberattacks to gain control of vital data and bring organisations to their knees. The increased reliance on e-learning has made schools in Australia and many other countries an even bigger target of opportunity than before as the stakes are higher and worth more money. If the technology is taken down, lessons come to a complete standstill. This will likely not be the last attack targeting schools.
“More than ever, it is crucial for education departments to take a proactive approach and invest in cybersecurity solutions that automatically detect malicious behaviour and enable network infrastructure to block any further access attempts. Cybersecurity is not just for large companies and should be appropriately funded at the state and local government level to ensure that our students can continue to learn without disruption.”
“This attack shows that irrespective of the industry, people behind cyberattacks are not biased. Education providers hold a wealth of data, including sensitive intellectual property and the personal details of tens of thousands of students and staff members.,” said Anthony Daniel, Regional Director – Australia, New Zealand and Pacific Islands, WatchGuard Technologies.
“As such, they’re prime targets for hackers and cyber-criminals. Given increasing awareness and concern about cyber-crime, institutions which aren’t seen to be taking all reasonable steps to prevent their systems being compromised or hacked can expect to take a serious reputational hit, if the worst occurs.
“The NSW Department of Education seems to have done its due diligence by deactivating its system for the 21 hour period and involve the appropriate agencies. It is fortunate that it is school holidays. However, this attack has disrupted and delayed preparation of work for teachers and principals as they prepare for the new term next week.
“This shows the impact of how an attack can disrupt the day to day functions of any business, school or educational organisation. Putting aside the financial impact, this requires more human hours to rectify, delaying the required work needed to prepare for the new term, hence creating the stress for all teachers and principals.
“Our advice to parents and teachers is to ensure they have a secure network at home and if they don’t, to really look into having a robust solution implemented as students learning remotely still require a high level of security.
“Multi-Factor Authentication can help institutions protect the personal data of students and staff, irrespective of when and where they log on. A simple, easy-to-use service with convenient authentication factors, including mobile tokens, and a single sign-on capability can be deployed to protect the cloud applications, email accounts and video conferencing platforms institutions use to deliver the learning experience.”