
US college VPN credentials for sale on Russian crime forums, FBI says


The FBI on Friday said that thousands of compromised credentials harvested from US college and university networks are circulating on online crime forums in Russia and elsewhere—and could lead to breaches that install ransomware or steal data.

“The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publicly accessible forums,” the agency said. “This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.”

Login names and passwords are routinely harvested in phishing attacks, which may use fake claims of an account breach or a COVID-themed pitch to lure victims. Often, the threat actors who conduct these attacks sell the data on crime forums. The data can then be scooped up by fellow threat actors who focus on server infections for purposes of ransomware, cryptojacking, or espionage.

In 2017, for example, the FBI observed criminals targeting universities to hack .edu accounts by “cloning university login pages and embedding a credential harvester link in phishing emails.” The threat actors would then receive compromised credentials directly from the university server.

Friday’s bulletin listed observed examples of compromised university account data, including:

  • As of January 2022, Russian cyber criminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified US-based universities and colleges across the country, some of which included screenshots as proof of access. Sites posting credentials for sale typically listed prices varying from a few to multiple thousands of US dollars.
  • In May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were identified on a publicly available instant messaging platform. The group posting the compromised data appeared to be involved in the trafficking of stolen login credentials and other cyber criminal activities.
  • In late 2020, US territory-based university account usernames and passwords with the domain .edu were found for sale on the dark web. The seller listed approximately 2,000 unique usernames with accompanying passwords and asked for donations to be made to an identified bitcoin wallet. As of early 2022, the site containing the credentials was no longer accessible.

Both the FBI and independent security researchers recommend that IT people inside universities and other organizations “establish and maintain strong liaison relationships with the FBI Field Office in their region.” Doing so can make it easier for the parties to communicate if an emergency arises.
