Hackers recently redirected SchoolDesk websites to an Islamic State-sponsored YouTube video, targeting US websites in Arizona, Connecticut, Virginia and New Jersey.
The FBI is investigating the hack, which affected 800 schools, private companies, and government websites.
The Atlanta-based company said in a statement: “It immediately responded when its technicians had found a small file injected into the root of one of its websites that redirected to a YouTube video containing an audible Arabic message and a picture of Saddam Hussein.
“Although the exact method and point of intrusion is not yet fully known (possibly an SQL injection or through a user account with a weak password), we have added multiple layers of redundant protection to prevent this from happening again.”
Mark James, a specialist at security company ESET, said to the BBC: “In this case, gaining access to change or plant a rogue file that redirects users to areas of your design is about as simple as it gets – small footprint, no potential warning signs and out before anyone notices – but the results are as bad as they get.”
SchoolDesk advises administrators to change passwords to keep secure.
Written by Leah Alger