Teach Cyber 2020 logo
February 28, 2021

The Teach Cyber Megabyte

Thanks for being part of the Teach Cyber mailing list! We're excited to share relevant and useful information about Teach Cyber and other resources, events, and news in cybersecurity education. Feel free to forward and share! (Please note: if you forward this to someone else and they click "unsubscribe", you may be unsubscribed from the mailing list.)

In this month's Megabyte: Join us for the first "Teach Cyber Virtual Lounge"; 2020 Cybersecurity Teachers of the Year; Cybersecurity Word of the Week
The Teach Cyber team is hosting the inaugural Teach Cyber Virtual Lounge. The purpose of the lounge is to provide a casual space in which the Teach Cyber team, cybersecurity teachers, and other cybersecurity education stakeholders can connect.

The event will open with a 20-minute overview of the What to Teach in a High School Cybersecurity course and program, followed by an introduction to the Teach Cyber courseware (which is available at no charge to high school educators). We will keep formal remarks brief and open it up for Q&A.
When: March 4th at 7pm ET
Cost: Free
Registration Required: Register here

We hope you can make it!
TC Virtual Lounge

Passport to Cybersecurity Award Winners

We're excited to announce the following Teach Cyber 2020 Cybersecurity Teachers of the Year! These teachers were presented with the "Passport to Cybersecurity" award. This award recognizes teachers who have dedicated great time and effort to prepare for, recruit for, and implement a cybersecurity class at their school. Their efforts have resulted in students' introduction to the field of cybersecurity!
Teach of the year

Leslie Traver

Lyme–Old Lyme H.S.
Old Lyme, CT

One year of cybersecurity teaching experience
Why is teaching cybersecurity important to you?
Since cybersecurity is a fast-growing, high-paying occupation, I wanted to provide students the opportunity to learn more about this field in hopes of piquing their interest to possibly pursuing this as a career.

Accomplishments in advancing cybersecurity education:
  • Developed and taught the Fundamentals of Cybersecurity course at Lyme-Old Lyme High School after taking a Cybersecurity class at the University of Rhode Island for professional development.
  • 24% of the students who took the class are now pursuing or planning on pursuing Cybersecurity as a major in college because of this class.
Do you have any advice for new cybersecurity teachers?
I would suggest that others do what I did. To get started I took an online college course about the fundamentals of cybersecurity. The course was geared toward teachers wanting to introduce their students to cybersecurity. Once I had an idea of the topics I wanted to cover, I reached out to people in the field of cybersecurity and spoke with others who teach it.
Congratulations, Leslie! Thank you for everything you do to further cybersecurity education.
Why is teaching cybersecurity important to you?
Teaching cybersecurity is important to me because it allows me to introduce my students to many areas of computer science, such as networking, programming, computer hardware, and cryptography.

Accomplishments in advancing cybersecurity education:
My top accomplishments so far are:
  • Recruiting 70+ students who are currently or have taken the Cybersecurity course.
  • Dedicated hundreds of hours of time in training (GenCyber, Syracuse University SEED Workshop, Coursera courses) to learn and develop curriculum for my course.
  • I am currently in the process of researching IT certifications which I would like to incorporate into my curriculum. I believe that this will help my students be more competitive in their future college and/or careers endeavors.
Do you have any advice for new cybersecurity teachers?
My advice for novice cybersecurity teachers is to try out as many resources as possible. Two wonderful training programs I have been privileged to attend were a GenCyber program hosted by Pace University as well as the SEED workshop offered by Dr. Du of Syracuse University. There are also many great curricula available to integrate in your course such as CodeHS, TeachCyber, Hacker High School and C5.

Ann-Marie Linz

Watchung Hills Rgnl H.S.
Warren, NJ

Two years of cybersecurity teaching experience
Congratulations, Ann-Marie! Thank you for your hard work in advancing cybersecurity education.


What are botnets and what are they used for?

A botnet is a large collection of internet-connected devices infected by malicious software (aka malware). Computers, phones, and any "smart device" which is part of the Internet of Things (IoT) can become part of a botnet. Owners of infected devices are often completely unaware that their device has become part of a botnet!
IoT Botnet
Any IoT Device can become part of a botnet.
Botnets allow bad actors to remotely control all of the infected and connected devices. They use botnets to accomplish harmful activities, including gaining unauthorized access to systems or data, data theft, and credential leaks. The botnet, or “army”, of infected computers can also be used for a coordinated attack such as a Distributed Denial of Service (DDoS) attack.

The goal of a DDoS is to impact the availability of a service (internet access), device (computer systems) or digital resource (web page, database). In a DDoS attack, the botnet bombards a single system or server with many requests. This overwhelms the system/server and prevents it from completing legitimate requests.
DDoS Attack


The success of a six-nation effort to takedown the prolific Emotet botnet was announced in January 2021. Europol (the European Union's law enforcement agency) calls Emotet the “world’s most dangerous malware.” The Emotet malware targeted a wide range of network types, from global financial institutions to local school districts [1]. In 2017, the botnet infected a school district in North Carolina causing more than $1.4 million in damage while disabling the school’s network for two weeks [1]. This crippled the school network's availability. Imagine applying for something that requires your school transcripts, but they're not available! You have wait (in this case for two weeks) and hope for availability to be restored to the systems and the networks. You also have to hope that your transcript data has not been altered or damaged (i.e., a breach of integrity), and that your grades and information have not been leaked (i.e., a breach of confidentiality).

Emotet started out in 2014 as a banking Trojan (a type of malware disguised as legitimate software which targets online banking) and evolved [2]. The Emotet malware installed automatically when a user clicked on an infected Word email attachment and enabled macros (a series of commands that can be recorded and executed at a later time, thereby allowing you to automate repetitive tasks in Microsoft Word) .

Emotet’s botnet spent much of 2020 spamming (sending unsolicited emails to) companies, governments, non-profits, and schools across the world with Covid-themed emails [1]. Unsuspecting victims opened these emails and downloaded Microsoft Word or Excel attachments from the emails. If the victim had enabled macros, then the malware was installed. Once the victim's device was infected with the malicious software, hackers could steal data or encrypt a victim’s files and demand ransom.
Emotet Botnet 2
What made Emotet an even bigger threat is that it was more than stand-alone malware...it was a platform for hire. Other cybercriminals could purchase access to systems infected with Emotet to install and launch their own malware.

It is estimated that Emotet infected more than 1.6 million electronic devices worldwide between April 1, 2020 and January 17, 2021 [3] and that it generated hundreds of millions of dollars in revenue for its criminal operators, who are largely in eastern Europe [1]. While the botnet has been disrupted, some companies warn customers not to let their guard down, even after hundreds of Emotet botnet servers were taken down in late January 2021 [4]. Law enforcement is taking over the botnet and will force it to uninstall itself in April 2021. This should make it very difficult for Emotet to return, but not impossible, as other botnets have been brought back online after large take-downs [4].

What makes botnets so hard to dismantle? Why did it take 6 nations to take down Emotet?

What are two things you can do to prevent your devices from becoming part of a botnet?
Interested to learn more about botnets? There are several activities in the Teach Cyber "Intro to the Challenge of Cybersecurity" course that can help you do this! Unit 1 Lesson 2 contains an activity called "Identifying the Attack". This activity explores the Mirai botnet as a case study.

In Unit 4 Lesson 7 (Network Security), the "Botnet" activity asks students to think critically about aspects of a botnet when designing and engineering one. This helps students sharpen their adversarial thinking skills.

To “see” other current DDoS and botnets in action, check out one interactive threat map at https://map.lookingglasscyber.com/.
[1] Mehrotra, K. (2021, January 28). Prolific Botnet Is Disrupted by Six-Nation Enforcement Team. Bloomberg. https://www.bloomberg.com/news/articles/2021-01-28/emotet-botnet-disrupted-by-global-law-enforcement-campaign

[2] Europol. (2021, January 27). World’s most dangerous malware EMOTET disrupted through global action. https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action

[3] U.S. Department of Justice. (2021, January 28). Emotet Botnet Disrupted in International Cyber Operation. https://www.justice.gov/opa/pr/emotet-botnet-disrupted-international-cyber-operation

[4] Gatlan, S. (2021, February 8). Microsoft: Keep your guard up even after Emotet’s disruption. Bleeping Computer. https://www.bleepingcomputer.com/news/security/microsoft-keep-your-guard-up-even-after-emotet-s-disruption/
Teach Cyber 2020 logo