Increase in Cyber Attacks on the Education Sector After Back-to-School Season
As students and staff returned to campuses in August, a significant increase in cyber attacks targeting educational institutions was observed globally. From January to July 2025, the education sector experienced an average of 4,356 weekly attacks, representing a 41 percent year-over-year rise. These attacks varied from credential-harvesting phishing domains to advanced malicious code delivery aimed at compromising networks and exfiltrating sensitive data. The onset of themed phishing campaigns, coinciding with the back-to-school period, heightened both the volume and sophistication of these threats, taking advantage of end-user urgency and dependence on digital platforms.
While attacks were widespread across all regions, Asia-Pacific organisations faced the most severe impact, averaging 7,869 weekly attacks per organisation. North America recorded the most significant increase, soaring by 67 percent year-over-year, while Europe and Africa saw rises of 48 percent and 56 percent, respectively.
Check Point analysts noted that the scale and timing of these attacks suggest that cybercriminals are capitalising on the seasonal surge in digital activity to enhance their impact and avoid detection. In July alone, over 18,000 new domains mimicking academic institutions were registered, with one in every 57 flagged as malicious or suspicious. These domains frequently hosted impersonation pages that replicated Microsoft’s login interfaces. Researchers identified various campaigns where malware payloads were delivered through seemingly innocuous SVG attachments or QR-encoded PDF forms, facilitating credential theft and the deployment of secondary loaders.
A closer examination of the malware’s infection chain revealed a multi-stage process designed for persistence and evasion, beginning with a phishing email containing a crafted SVG file or a PDF disguised as a university communication. When opened, the SVG executed embedded JavaScript that fetched a payload from a typo-squatted domain.
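The SVG stage described above depends on active content that a static image never needs. The following is an added example, not code from Check Point or the original article: a Python triage check for a mail gateway that flags SVG attachments carrying script. The function name, the finding labels and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that can run or embed active content inside an SVG document.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}  # also matches xlink:href once the namespace is stripped


def local(name: str) -> str:
    """Strip an XML namespace: '{ns}tag' -> 'tag', lower-cased."""
    return name.rsplit("}", 1)[-1].lower()


def svg_active_content(data: bytes) -> list[str]:
    """Return the reasons to quarantine an SVG attachment (empty list = static image)."""
    # Refuse entity declarations before parsing; a mailed image has no use for them.
    if b"<!ENTITY" in data.upper():
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]  # unparseable attachments go to manual review
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"element:{tag}")
        for name, value in el.attrib.items():
            attr = local(name)
            # Browsers ignore tabs and newlines inside URL schemes, so drop whitespace.
            val = "".join(value.split()).lower()
            if attr.startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"handler:{attr}")
            elif attr in URL_ATTRS and val.startswith(("javascript:", "data:text/html")):
                findings.append(f"script-url:{attr}")
    return findings


# Constructed samples: one attachment with active content, one plain image.
SUSPECT_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="start()">
  <script>/* constructed placeholder, no real payload */</script>
  <rect width="10" height="10"/>
</svg>"""
STATIC_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg">
  <rect width="10" height="10" fill="navy"/>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT_SVG), ("static", STATIC_SVG)):
        print(label, svg_active_content(sample) or "no active content")
```

A non-empty result is a reason to hold the message or convert the image to a raster format before delivery; it does not by itself identify the campaign.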