DNSFilter Data Reveals Major Threat Vector as Students Bypass School Security Controls

Students’ attempts to access restricted content using unsafe proxy services expose them and their schools to cyber risks

New research from DNSFilter finds that school networks are becoming high-volume targets for proxy-borne threats, credential theft, malicious extensions and phishing ecosystems. Data from the company’s networks reveals the growing risks posed by misused web proxies and filter-avoidance tools in schools.

Due to cell phone bans in multiple states, students are more likely to use their school-issued devices for activities they’d normally attempt on their personal phones. As students increasingly try to bypass school security controls – often to access social media, gaming sites or blocked content – they’re unwittingly exposing themselves and school networks to risks like account compromise, malware, credential theft, blackmail scams and broader system vulnerabilities.

Also Read: CIO Influence Interview with Duncan Greatwood, CEO at Xage Security

Analysis of traffic on DNSFilter’s network found:

• Traffic to proxy and filter avoidance categories spiked 83% on November 9, 2025, compared to the previous 12-month average. Proxy and filter-avoidance is defined as using methods and tools to bypass blocked or censored content on networks.
• Overall, malicious gaming-related domains increased 462% on Sept. 22, 2025 compared to the previous 12-month average.
• In relation to attempts to bypass security controls, the education industry ranked third highest in proxy/filter-avoidance requests in October 2025.
• A 295% spike on Nov.8, 2025 in domains containing the term “roblox,” a popular online game that’s come under scrutiny for enabling adults to converse with children through the platform.

These findings underscore how schools are facing rapidly escalating cybersecurity risks, largely driven by students’ attempts to access restricted content using unsafe proxy services. These attempts are not harmless workarounds; they are now a major threat vector.

Traditional content filtering alone is no longer sufficient. Students are increasingly aware of circumvention methods, and attackers exploit this behavior to gain access to accounts and potentially entire school IT systems. Children and teens are uniquely vulnerable, making them prime targets for social engineering, scams, identity theft or harassment.

Awareness of the risks helps schools strengthen cybersecurity policies, improve filtering and reduce successful student circumvention attempts. Using threat insights, schools can proactively block proxy/avoidance domains, detect suspicious patterns (e.g., unsafe gaming extensions), and protect student data and campus systems. Concrete data empowers IT teams to anticipate threat spikes, allocate resources and justify budgets for improved filtering and monitoring tools. Read more in our blog here.

Gregg Jones, intelligence analyst, DNSFilter, said: “Proxy misuse is emerging as a serious and growing attack vector inside school environments, and the industry must treat it like the frontline threat it has become. Cybersecurity strategies in K–12 and higher education must expand to focus on DNS filtering, proactive detection of proxy use, better student education, and more compassionate in-class device policies that reduce the incentive to circumvent controls.”