Why Using Ethical Hackers Helps Protect Online Learning

About the Author:

Ashish Gupta is the CEO of Bugcrowd.

In the wake of COVID-19, colleges and universities across the U.S. have embraced virtual and hybrid learning to combat the spread of the virus and protect students and staff.

Recent research analyzed the reopening models of 3,000 higher-ed institutions and found that only 4 percent are allowing in-person attendance, making learning management systems, or LMS solutions, critically important.

In short, LMS solutions are a comprehensive platform for students to see a list of their courses, interact with their professors, find assignments and link to applications, such as Zoom, to take part in the virtual classroom. However, many cybersecurity professionals, college students, and faculty are asking: are online LMS solutions safe?

Related content: Breaking down the top 10 worst data breaches

Cybersecurity experts are seeing first-hand how LMS IT teams are working diligently to secure their platforms during these unbelievably challenging times.

The education industry has traditionally been a target for cybercrime. Since the advent of COVID-19 stay-at-home mandates, cybercriminals have ramped up their activity. Most recently, Heartland Community College in Illinois was forced to halt online operations, including classes, as they worked to contain a security breach just a few weeks into the fall semester.

Why LMS breaches can be devastating

Each time a student or faculty member logs onto an LMS solution, a wealth of sensitive information about the user is stored, including the student’s name, address, emergency contact, and other information. Any penetration or breach of a LMS solution could well result in personally identifiable information, or PII, being stolen and sold on the Dark Web for profit. If a bad actor successfully breaches a LMS system, students and faculty could be subject to identity fraud.

LMS solutions, like any software-based system, require continuous testing. These platforms are not free of vulnerabilities, and the recent rise in cybercrime underscores the need for LMS solutions to take a proactive approach to security.

Leveraging ethical hackers to protect LMS systems

The business world is undergoing changes of tectonic proportions that are threatening the future of digital business. Traditional cybersecurity tools, such as scanners, cannot always ascertain what human cybercriminals may decide to do. It often takes a human touch to compete against an army of adversaries, and bug bounty programs that use ethical hackers can provide LMS platforms with an army of their own.

Crowdsourced bug bounty programs are like neighborhood watch programs, but for the internet. These programs are powerful because no company, no matter how vigilant, can defend all its potential vulnerabilities. Even worse, most companies lack the highly specialized cybersecurity expertise required to research, prioritize, and remediate all their cybersecurity vulnerabilities. Crowdsourced cybersecurity gives companies priority access to a global marketplace of on-demand, highly specialized cybersecurity experts who protect companies – like LMS solutions – from constantly evolving adversaries and attack methodologies.

Ethical hackers James McLean and Michael Skelton, who work with LMS customers, provided some interesting insights into their work with the LMS platforms.

Skelton points out that anyone can be an “ethical hacker,” and many times, even the students themselves “…can be armed to be LMS warriors — offering a new level of security for LMS solutions.”

“With ethical hackers, LMS solutions now have an extra pair of eyes on the product that you didn’t have before,” he continued.

“[Hackers] can say, ‘OK, I found something’ and either exploit it against the school or take it to a bug bounty company and potentially receive a reward for it,” said McLean. “These incentives allow many young hackers to choose the right path.”

“We find the vulnerability, build a proof of concept and then report it via a bug bounty platform,” added McLean. “Schools and LMS organizations must be open to taking our feedback and be dedicated to remedying the issue.”

When Skelton and McLean worked on one large LMS solution a few years back, they found several vulnerabilities that could well circulate on today’s LMS platforms. One such vulnerability was called a Cross-site Scripting (XSS), an injection attack whereby the attacker aims to execute malicious scripts in a web browser by including malicious code in a legitimate web application.

Another form of malicious hacking that university LMS platforms have witnessed is crypto-jacking. Crypto-jacking is the unauthorized use of someone else’s computer to mine for cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer or infecting a website or online ads with JavaScript code that auto-executes once loaded in the victim’s browser.

Similar to this are ransomware attacks with LMS solutions as an origin. This issue became known in mid-September following a recent spike in hackers targeting universities with ransomware attacks. In these situations, malicious actors not only demanded a significant bitcoin ransom from victims of attacks, but they have also threatened to leak stolen personal data of students if they are not paid.

Protecting the future of online learning

Today, keeping LMS solutions safe is of utmost importance for the hundreds of millions of university students worldwide. Bug bounty programs provide a continuous method for testing and finding vulnerabilities and should be used along with other cybersecurity safeguards.

Given the extraordinary situation we find ourselves in today due to COVID-19, many LMS organizations are taking a proactive approach to strengthening their cybersecurity posture. As such, bug bounty programs are becoming the “new normal,” ensuring that human ingenuity can work alongside AI and other technological solutions to find potential vulnerabilities and exploits.

Follow us on social media for the latest updates in B2B!

Image

Latest

virtual simulation
Boxlight’s Virtual Simulation: Exploring Elementary Geometry
January 21, 2025

In today’s digital age, educational technology is transforming the way we approach learning, making it more interactive, engaging, and effective. One such innovative solution is Boxlight’s 3D virtual simulation kits, aiming to revolutionize elementary geometry lessons. A Complementary Path for K-5 Geometry Keeping in mind the K-5 geometry curriculum standards, Boxlight has an extensive…

Read More
Mastering the Essentials of Guest Login in Recruit: A Guide for Educators
January 21, 2025

For educators navigating the realms of modern technology tools, guest login options, particularly in Recruit, have proved to be a valuable resource. While this feature offers ease of access, especially in scenarios where students are transient listeners, like in after-school programs or one-day camps, it’s essential to understand its capabilities and limitations thoroughly. The…

Read More
Polyhedron's Kit
The Art of Kite Building: An Engaging way to Teach Engineering with Composing Polyhedron’s Kit
January 21, 2025

If you’re searching for an educational activity that combines fun, creativity, and scientific learning, look no further: kite building with the Composing Polyhedron’s kite expansion kit is exactly what you need. Learning through Fun – A Unique Approach with Kite Building As the sun shines and summer sets in, it’s time to add a…

Read More
tinkercad
Exploring 3D Design in Early Education with Tinkercad
January 21, 2025

When it comes to nurturing creativity and innovative problem-solving in the classroom, the importance of design-based learning cannot be overstated. And the good news? Even the youngest students can participate in design challenges. The key lies in simplifying the learning process with user-friendly tools, such as Tinkercad’s scribble tool. Starting Simple: The Scribble Tool…

Read More