Revision disrupted as cyber attackers target council

Pupils in Edinburgh were cut off from revision resources ahead of key exam dates after an attempted cyber attack on the council's education department.

Staff spotted a suspicious invitation to a meeting earlier on Friday and realised it was "spear-phishing" - which impersonates a trusted source.

Parents were sent texts telling them that students' passwords have been reset as a precaution - meaning pupils studying for exams no longer had access to their school's learning resources.

Pupils have been going into schools to be given new passwords.

On Friday night, the council said pupils preparing for exams would be given priority support following what it called a "difficult but necessary" decision.

It follows a suspected criminal ransomware cyberattack on schools in West Lothian earlier this week.

Edinburgh Council's education, children and families convener James Dalgleish said staff spotted "unusual and suspicious activity" on the schools and early years IT network.

"As a result, we took the precautionary decision to immediately reset passwords for all users across our education service," he said.

Councillor Dalgleish told BBC Scotland News the phishing attack was spotted very quickly by council officers and some networks were immediately shut down.

"That's obviously unfortunate and a distraction for some pupils who are going through their exam processes but it was necessary to make sure we have the integrity of our educational infrastructure," he said.

"That's not been compromised in any way."

He added that council officers were very well trained in recognising phishing attacks and said investigations into the incident would continue.

As well as pupils being given new passwords, all revision materials have been put on the council website.

"I want to thanks parents and pupils for being patient with us as well as the teachers for opening the secondary schools this morning," he added.

The council believes everything should be back to normal on Monday.

Councillor Dalgleish said the Scottish Qualifications Authority (SQA) had been informed and any pupils with concerns should speak to their teachers.

The council said no data had been compromised by the attempted attack.

Exams began on Friday 25 April with key dates in the coming week, including the Higher maths exam on Monday.

Pupils were told they could access their personal revision materials by going to their schools on Saturday morning.

A member of staff then issued them with a new password, while an online help page, external has been set up by the council.

BBC Scotland News spoke to pupils arriving at James Gillespie's High School.

Jack, 18, said: "It's a bit of a nightmare to be honest.

"Teams is pretty much what everyone learns on, for revising as well. With that being down people are pretty short on what resources they can use."

His sister Libby, 16, said some pupils who have exams on Monday had further to travel to come into school so had even less time to revise.

Robbie added: "It's a bit annoying to be fair as we've been locked out a lot of revision resources this morning."

Spear-phishing usually differs from typical phishing attacks by being more focused, as opposed to the quantity of targets a usual phishing message will be sent to.

Messages in spear-phishing can be more personalised, in an attempt to trick the victim into believing it is from a genuine contact.

Tech companies like X have been attacked via spear-phishing in the past.

Students in Edinburgh use council-provided iPads, as part of the local authority's Empowered Learning, external programme.

West Lothian Council had to resort to contingency measures to keep schools open earlier this week after the local authority's education network was attacked.

A spokesperson for the council said there was no evidence any personal or sensitive data had been accessed in the attack.

Ransomware is a type of malware which prevents someone from accessing a device and the data stored on it, usually by encrypting files, according to the National Cyber Security Centre.