Hackers found selling stolen college credentials

The FBI warns American universities and colleges that criminals are offering their network credentials and virtual private network (VPN) access for sale.

The logins, collected through spear-phishing, ransomware or other tactics, are reportedly sold on both online criminal marketplaces and publicly accessible forums.

“Exposing usernames and passwords can lead to brute force-credential stuffing computer network attacks, where attackers try to log into different Internet sites or abuse them for subsequent cyber attacks, as criminals abuse users who reuse the same credentials for multiple accounts, Internet sites, and services,” the FBI warned in an advisory.

“If attackers manage to compromise a victim’s account, they could attempt to strip the account’s stored value, use or resell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit other criminal activities against the account holder, or use it for subsequent attacks on affiliated organizations.”

Over the past two years, the use of these techniques has increased, with logins being stolen via Covid-related phishing attacks. For example, about 2,000 unique usernames and passwords for university accounts with the .edu domain were found for sale on the dark web at the end of 2020, while more than 36,000 combinations of email and passwords for email accounts ending in .edu were identified by May 2021 on a publicly available instant messaging platform.

And as of January 2022, Russian cybercriminal forums offered network credentials and virtual private network access to US universities and colleges, with some listings including screenshots as proof of access. Prices ranged from a few dollars to several thousand.

The FBI suggests colleges and universities contact their local FBI field office and update their plans for incident response and communications.

“Hybrid and distance learning models have exposed higher education to a plethora of attacks that expose unattended and unsecured accounts. Threat actors continue to exploit unprotected accounts to their advantage and their tactics become increasingly sophisticated and, as a result, often more difficult to identify and target,” said Steven Hope, CEO and co-founder of password management company Authlogics.

“Universities in particular should train students and staff to recognize persuasive phishing emails and the steps to take when opening various attachments or emails. Students are easy targets because, unlike in a working environment, they often do not have the necessary understanding to spot these kinds of attacks.”
