Helping an education trust build up its firewall defences

The Challenge
All Police CyberAlarm (PCA) members receive regular member threat reports that log any suspicious cyber activity and vulnerabilities enabling organisations to identify and mitigate its cyber risks. It had been identified and reported by the PCA team that one member – an education trust consisting of 17 schools – had been allowing a much higher than normal volume of suspicious traffic through its firewall. This increased level traffic suggested there was a misconfiguration in its firewall system that was allowing traffic from known malicious sources on vulnerable ports to be allowed.
It had also been identified that one school within the trust had allowed suspicious activity from a known ‘bad actor’ back in December 2022. As a result, the school was contacted by its local protect officer, but the school assured the officer it was not vulnerable, and yet later that month it was compromised by a cyber-attack.
PCA in Action
Police CyberAlarm (PCA) works in partnership with the National Fraud Intelligence Bureau (NFIB) – an organisation responsible for gathering and analysing intelligence relating to fraud and financially motivated cybercrime – to strengthen capabilities in combating threats against PCA members.
Together, they were able to identify multiple instances where vulnerabilities could be exploited, and cyber-attacks potentially launched against the multi-academy trust.
The Outcome
In the wake of the attack, the school was able to contact the Police CyberAlarm team and was assisted in the diagnosis of events which led up to the incident.
Sign up for Police CyberAlarm for improved resistance against attacks.