Nationwide cyberattack shuts down school communication app

By Bruce Karnick

[email protected]

Cyberattacks typically do not affect small towns like Hastings or Cottage Grove, but a recent cyberattack did just that, and it was an attack on our schools, or at least the app they use. The app called Seesaw is used around the world by over 150 million users and they experienced an attack that sent an “inappropriate message” to users.

Seesaw indicated that the attack targeted less than 0.5% of users, but the attack did force a shutdown of the messaging feature for two days. They have also urged users to change their passwords.

Both Hastings and Cottage Grove Schools sent information to parents and posted on their social media about the attack. The messages were very similar.

“Our district has received several reports of inappropriate postings to the message portion of Seesaw a communication platform that is used at our preschool and elementary schools. The issue is systemwide, affecting not just our district but others in Minnesota and outside of the State. These posts are not associated with our school community. Please check your email for additional information that was sent directly to families.”

Both schools had limited information available but made sure that people understood this was a nationwide attack on the app. Details of the inappropriate message were not made available either. Major news outlets along with the FBI and CISA (Cybersecurity & Infrastructure Security Agency) chimed in on the attack and others like it, using it as an opportunity to teach people about cyber security.

Federal agents at CISA issued an alert warning of more attacks on schools this year.

'Over the past several years, the education sector, especially kindergarten through twelfth grade (K12) institutions, have been a frequent target of ransomware attacks,' the advisory states. ' School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cybercriminals can still put school districts with robust cybersecurity programs at risk.'

Federal cyber officials also offered four critical steps everyone can take to protect themselves online: 1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.

2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.

3. Protect your accounts by using multifactor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multifactor authentication. The additional credentials you need to log in to your account fall into two categories: Something you have — like a passcode you get via an authentication app or a security key.

Something you are — like a scan of your fingerprint, your retina, or your face.

Multifactor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

September 21, 2022