Why Using Ethical Hackers Helps Protect Online Learning

About the Author:

Ashish Gupta is the CEO of Bugcrowd.

In the wake of COVID-19, colleges and universities across the U.S. have embraced virtual and hybrid learning to combat the spread of the virus and protect students and staff.

Recent research analyzed the reopening models of 3,000 higher-ed institutions and found that only 4 percent are allowing in-person attendance, making learning management systems, or LMS solutions, critically important.

In short, LMS solutions are a comprehensive platform for students to see a list of their courses, interact with their professors, find assignments and link to applications, such as Zoom, to take part in the virtual classroom. However, many cybersecurity professionals, college students, and faculty are asking: are online LMS solutions safe?

Related content: Breaking down the top 10 worst data breaches

Cybersecurity experts are seeing first-hand how LMS IT teams are working diligently to secure their platforms during these unbelievably challenging times.

The education industry has traditionally been a target for cybercrime. Since the advent of COVID-19 stay-at-home mandates, cybercriminals have ramped up their activity. Most recently, Heartland Community College in Illinois was forced to halt online operations, including classes, as they worked to contain a security breach just a few weeks into the fall semester.

Why LMS breaches can be devastating

Each time a student or faculty member logs onto an LMS solution, a wealth of sensitive information about the user is stored, including the student’s name, address, emergency contact, and other information. Any penetration or breach of a LMS solution could well result in personally identifiable information, or PII, being stolen and sold on the Dark Web for profit. If a bad actor successfully breaches a LMS system, students and faculty could be subject to identity fraud.

LMS solutions, like any software-based system, require continuous testing. These platforms are not free of vulnerabilities, and the recent rise in cybercrime underscores the need for LMS solutions to take a proactive approach to security.

Leveraging ethical hackers to protect LMS systems

The business world is undergoing changes of tectonic proportions that are threatening the future of digital business. Traditional cybersecurity tools, such as scanners, cannot always ascertain what human cybercriminals may decide to do. It often takes a human touch to compete against an army of adversaries, and bug bounty programs that use ethical hackers can provide LMS platforms with an army of their own.

Crowdsourced bug bounty programs are like neighborhood watch programs, but for the internet. These programs are powerful because no company, no matter how vigilant, can defend all its potential vulnerabilities. Even worse, most companies lack the highly specialized cybersecurity expertise required to research, prioritize, and remediate all their cybersecurity vulnerabilities. Crowdsourced cybersecurity gives companies priority access to a global marketplace of on-demand, highly specialized cybersecurity experts who protect companies – like LMS solutions – from constantly evolving adversaries and attack methodologies.

Ethical hackers James McLean and Michael Skelton, who work with LMS customers, provided some interesting insights into their work with the LMS platforms.

Skelton points out that anyone can be an “ethical hacker,” and many times, even the students themselves “…can be armed to be LMS warriors — offering a new level of security for LMS solutions.”

“With ethical hackers, LMS solutions now have an extra pair of eyes on the product that you didn’t have before,” he continued.

“[Hackers] can say, ‘OK, I found something’ and either exploit it against the school or take it to a bug bounty company and potentially receive a reward for it,” said McLean. “These incentives allow many young hackers to choose the right path.”

“We find the vulnerability, build a proof of concept and then report it via a bug bounty platform,” added McLean. “Schools and LMS organizations must be open to taking our feedback and be dedicated to remedying the issue.”

When Skelton and McLean worked on one large LMS solution a few years back, they found several vulnerabilities that could well circulate on today’s LMS platforms. One such vulnerability was called a Cross-site Scripting (XSS), an injection attack whereby the attacker aims to execute malicious scripts in a web browser by including malicious code in a legitimate web application.

Another form of malicious hacking that university LMS platforms have witnessed is crypto-jacking. Crypto-jacking is the unauthorized use of someone else’s computer to mine for cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer or infecting a website or online ads with JavaScript code that auto-executes once loaded in the victim’s browser.

Similar to this are ransomware attacks with LMS solutions as an origin. This issue became known in mid-September following a recent spike in hackers targeting universities with ransomware attacks. In these situations, malicious actors not only demanded a significant bitcoin ransom from victims of attacks, but they have also threatened to leak stolen personal data of students if they are not paid.

Protecting the future of online learning

Today, keeping LMS solutions safe is of utmost importance for the hundreds of millions of university students worldwide. Bug bounty programs provide a continuous method for testing and finding vulnerabilities and should be used along with other cybersecurity safeguards.

Given the extraordinary situation we find ourselves in today due to COVID-19, many LMS organizations are taking a proactive approach to strengthening their cybersecurity posture. As such, bug bounty programs are becoming the “new normal,” ensuring that human ingenuity can work alongside AI and other technological solutions to find potential vulnerabilities and exploits.

Follow us on social media for the latest updates in B2B!



New Arrival: Shure Wireless Push-to-Talk Systems at Rentex!
June 19, 2024

Rentex has just received more Shure Microflex MXCW Wireless Push-to-Talk Digital Conference Systems. Each system has been labeled, quality checked, and scanned into our inventory, ready for your next event. These systems offer automatic interference detection, robust encryption, and support for up to 125 participants, ensuring reliable and secure communication. Explore all our conference solutions…

Read More
roe led
Showcasing Our Top-Quality ROE LED Panels at Rentex!
June 19, 2024

Rentex highlights a major ROE LED order heading out the door, featuring the BP 2 2.84mm Indoor LED tile with Brompton processing for superior image quality. This video showcases the cases and a quick glimpse of the scanning process, demonstrating Rentex’s commitment to top-tier AV equipment. Discover all LED options available at Rentex by visiting…

Read More
Rentex Team in Action: Loading a Big Fall Order!
June 19, 2024

The Rentex team efficiently loads a major order in preparation for the busy fall season. This video showcases the team’s dedication and coordination as they handle high-quality AV equipment. With an extensive inventory and a focus on exceptional service, Rentex is ready to meet all client needs this fall. Watch the team in action and…

Read More
Rentex Kicks Off Fall with a Major Order!
June 19, 2024

Rentex celebrates its first large order for the fall season, showcasing the extensive capabilities and inventory ready to meet client demands. This milestone underscores Rentex’s commitment to providing top-quality AV equipment and exceptional service. With a growing inventory and a dedicated team, Rentex is prepared for a busy and successful fall season. Trust Rentex for…

Read More