Hackers Sell Stolen University Credentials

The FBI is warning US colleges and universities that their network credentials, virtual private network (VPN), and access to them are being sold by criminals.

According to reports, logins obtained through ransomware, spear-phishing or other methods are being sold on both publicly accessible forums and online criminal marketplaces.

The FBI has issued an advisory warning that “exposure of usernames or passwords could lead to brute force credentials stuffing computer network attack,” where attackers try logins across different internet sites or exploit them to launch subsequent cyber attacks.

“If attackers succeed in compromising victim accounts, they may try to drain the account from stored value, leverage, or re-sell credit cards numbers and other personally identifiable data, submit fraudulent transactions or exploit for other criminal activities against the account holder or use it for subsequent attacks on affiliated organizations.”

These techniques have been used more frequently in the past two years. Logins were stolen via Covid-related Phishing attacks. For example, in late 2020, approximately 2,000 university account usernames were stolen from the dark web. In May 2021, over 36,000 password combinations and email addresses ending in.edu had been identified on an openly-accessible instant messaging platform.

As of January 20, 2022, Russian cybercriminal forums offered network credentials and access to virtual private networks to colleges and universities across the US. Some of these accesses included screenshots as proof of access. Prices ranged from a few dollars up to several thousand.

According to the FBI, colleges and universities should contact their local FBI Field Offices to update their communication and incident response plans.

“Hybrid learning and remote learning have exposed higher education to a multitude of attacks that expose unmanaged or unsecured accounts. “Trojan actors continue to exploit unprotected account for their benefit. Their tactics are increasing sophistication and thus, harder to spot and stop,” Steven Hope, CEO, cofounder of password management company Authlogics.

“Universities should provide training for students and staff to spot phishing emails, and how to proceed when opening attachments. Because they lack the knowledge and skills to recognize these types of attacks, students are a prime target.

HEY! Could we ask you for a favor? Would you share this article with your friends? It costs you nothing and it takes just a second, but means the world to us. Thanks a lot!