The education sector in 2023 remains highly vulnerable to cyberattacks, particularly in primary and secondary schools [2]. This article highlights the various threats faced by these institutions and the need for improved cybersecurity measures.


In K-12 schools [3] [4], vulnerability exploitation and phishing campaigns are the most common types of cyberattacks [2], accounting for 29% and 30% of incidents, respectively. A report by Critical Start reveals the use of QR codes in phishing attacks [3]: cyber-criminals disguise their messages as Microsoft security notifications and embed QR codes within images or PDF attachments [3]. Ransomware groups are actively sharing tactics, techniques, and procedures [1] [2] [3] [4], indicating a reliance on affiliates and highlighting the dynamic nature of the cybercrime economy [4]. Microsoft Teams also poses a security concern: a vulnerability in Teams allows external accounts to bypass security measures and send harmful files directly to an organization’s staff. The report also mentions the rise of Volt Typhoon, a Chinese state-sponsored threat actor [2] that is likely to continue carrying out cyber espionage campaigns [3], posing a concern for U.S. critical infrastructure [1] [2]. The evolving nature of cybercrime makes it difficult for organizations to stay ahead of vulnerabilities and external threats [3].


The vulnerabilities in the education sector’s cybersecurity pose significant risks to primary and secondary schools. To mitigate these threats, it is crucial for institutions to enhance their security measures and stay updated on the latest tactics employed by cyber-criminals. Additionally, addressing the specific vulnerabilities in Microsoft Teams is essential to prevent harmful files from reaching staff members. The rise of state-sponsored threat actors like Volt Typhoon highlights the need for increased vigilance in protecting critical infrastructure. As cybercrime continues to evolve, organizations must remain proactive in identifying and addressing vulnerabilities to safeguard against external threats.