SN 1012: Hiding School Cyberattacks - SparkCat, Decrypting ADP, AI Fuzzing

Feb 12, 2025 | 3 hr 41 min | Ep. 1012

Episode description

  • New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores.
  • The UK demands that Apple does the impossible: decrypting ADP cloud data.
  • France moves forward on legislation to require backdoors to encryption.
  • Firefox moves to 135 with a bunch of useful new features.
  • The Five Eyes alliance publishes edge-device security guidance.
  • Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities.
  • Sysinternals utilities allow malicious Windows DLL injection.
  • Google removes restrictive do-gooder language from AI application policies.
  • "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model.
  • Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools

Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Transcript

The Secret World of School Ransomware Cover-ups

Feb 14th 2025 by Benito Gonzalez

AI-created, human-edited.

In a recent episode of Security Now, Steve Gibson and Leo Laporte dove deep into a disturbing trend in American education: the systematic concealment of cybersecurity breaches in K-12 schools. Based on groundbreaking investigative reporting by The 74, a nonprofit education news organization, the discussion revealed how schools are actively working to keep parents and students in the dark about serious data breaches that expose sensitive student information.

The situation is dire. In 2023 alone, there were 121 ransomware attacks against educational institutions globally – a staggering 70% increase from the previous year, making it the worst year on record for education-sector cybersecurity incidents. But what's even more concerning isn't just the attacks themselves, but how they're being handled.

As Gibson and Laporte discussed, schools have developed a sophisticated system for managing these incidents – not to protect students, but to protect themselves. When a cyberattack occurs, the first call isn't to parents or even law enforcement. Instead, schools immediately contact their insurance companies, who deploy what the industry calls "breach coaches" – specialized attorneys whose primary mission is to control the narrative and limit the school's legal exposure.

These attorneys, working under the shield of attorney-client privilege, bring in a whole team of specialists:

  • Forensic cyber analysts
  • Crisis communicators
  • Ransom negotiators
  • Data miners
  • Credit monitoring providers
  • Call centers

All of this is paid for by taxpayer money, while the very people whose data has been compromised – students, parents, and staff – are kept in the dark.

The consequences of these breaches are far-reaching. The compromised data often includes highly sensitive information:

  • Special education accommodations
  • Mental health records
  • Sexual misconduct reports
  • Student psychological evaluations
  • Financial information
  • Medical records

In one particularly troubling case highlighted during the discussion, the Minneapolis public school system waited seven months before notifying more than 100,000 people that their sensitive files had been exposed. In another instance, hackers used details about past sexual misconduct allegations to extort school officials in Somerset, Massachusetts.

As Gibson pointed out, there's a perverse incentive at play: research suggests that the surge in incidents has been partly fueled by insurers' willingness to pay ransoms. Hackers have openly stated that when a target carries cyber insurance, ransom payments are "all but guaranteed."

Laporte and Gibson discussed the regulatory environment, which both agreed is inadequate. While all 50 states have laws requiring notification of data breaches, the rules vary widely and lack meaningful enforcement mechanisms. As one legal expert quoted in their discussion called it, it's a "multiverse of madness" where protection levels depend entirely on where you live.

While proposed federal rules could require schools with more than 1,000 students to report cyberattacks to CISA by 2026, both hosts expressed skepticism about whether this would lead to real change without proper accountability measures and public disclosure requirements.

As Laporte suggested, the solution might lie in implementing SEC-style regulations for public schools, requiring prompt and transparent disclosure of data breaches. However, as Gibson noted, without a functional mechanism for holding anyone accountable, there's little incentive for the system to change.

Transcript source: Provided by creator in RSS feed: download file