US college networks offered stolen credentials by cybercriminals

June 2, 2022

The Federal Bureau of Investigation (FBI) published an advisory about cybercriminals offering network access credentials for higher education institutions based in the US. The actors sell these credentials for thousands of dollars on hacking forums and dark web marketplaces.

The data on offer included virtual private network (VPN) and network credentials giving access to numerous educational organisations inside the States. The federal agency also spotted several sellers who posted a screenshot as proof that the advertised credentials were genuine.

The asking price depends on the size of the institution and the criticality of the access, as the agency observed last week.


According to the FBI, cybercriminals have various strategies for collecting usernames and passwords. Most credential harvesting is carried out through spear-phishing, ransomware, data breaches, extortion, and other intrusion methods.

Ransomware groups commonly use such network access to gain a foothold in a target, move laterally to valuable hosts, and encrypt data for ransom.

The federal agency also noted that in May 2021 a malicious group was likely behind a post of over 36,000 compromised email and password combinations.

The FBI suggests that academic institutions adopt mitigation strategies that minimise the risk of compromise. Experts also added that users should apply available updates immediately and stay current with security notifications and threat news.

Furthermore, all institutions should employ brute-force protections. Students and faculty members must also be trained to spot phishing attempts, use strong passwords, and use multi-factor authentication (MFA) to secure all network access.

The agency advised all entities to reduce credential exposure by restricting the use of network-affiliated accounts by personnel in public settings. Firms and institutions concerned about this threat should enable local device credential protection mechanisms.

Monitoring for abnormal traffic and segmenting the network can also prevent malware from spreading and surface malicious activity. Lastly, users should pay close attention to RDP connections, as cybercriminals frequently target this service.
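The brute-force protection and abnormal-traffic monitoring recommended above can be expressed as a simple detection rule over VPN authentication logs: one source address generating many failures, failures spread across many accounts (a purchased credential list being tried), or a success landing right after a burst of failures. The Python below is an added example and not part of the article or the FBI advisory; the log line format, the thresholds and the sample lines are constructed assumptions.

```python
"""Flag brute-force, credential-stuffing and success-after-spray patterns in VPN auth logs."""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts result user src")

# Constructed sample lines (hypothetical format: "<iso-ts> vpn auth <OK|FAIL> user=<u> src=<ip>")
SAMPLE_LOG = """\
2022-05-30T08:00:01 vpn auth FAIL user=jdoe src=203.0.113.7
2022-05-30T08:00:03 vpn auth FAIL user=asmith src=203.0.113.7
2022-05-30T08:00:05 vpn auth FAIL user=bkhan src=203.0.113.7
2022-05-30T08:00:08 vpn auth FAIL user=mlee src=203.0.113.7
2022-05-30T08:00:10 vpn auth FAIL user=jdoe src=203.0.113.7
2022-05-30T08:00:12 vpn auth OK user=mlee src=203.0.113.7
2022-05-30T08:01:00 vpn auth FAIL user=cwong src=198.51.100.2
2022-05-30T08:01:20 vpn auth FAIL user=cwong src=198.51.100.2
2022-05-30T08:01:40 vpn auth OK user=cwong src=198.51.100.2
2022-05-30T09:10:00 vpn auth FAIL user=admin src=192.0.2.9
2022-05-30T09:10:02 vpn auth FAIL user=admin src=192.0.2.9
2022-05-30T09:10:04 vpn auth FAIL user=admin src=192.0.2.9
2022-05-30T09:10:06 vpn auth FAIL user=admin src=192.0.2.9
2022-05-30T09:10:08 vpn auth FAIL user=admin src=192.0.2.9
"""

def parse_line(line):
    """Parse one log line of the assumed format into an Event."""
    ts, _, _, result, user, src = line.split()
    return Event(datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1])

def detect(log_text, window=timedelta(minutes=5), max_failures=5, max_users=3, success_after=3):
    """Return sorted (src, alert) pairs for sources exceeding thresholds within a sliding window."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_src[ev.src].append(ev)
    alerts = set()
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end, ev in enumerate(evs):
            while ev.ts - evs[start].ts > window:   # drop events that fell out of the window
                start += 1
            failures = [e for e in evs[start:end + 1] if e.result == "FAIL"]
            if len(failures) >= max_failures:        # many failures from one source: password guessing
                alerts.add((src, "brute_force"))
            if len({e.user for e in failures}) >= max_users:  # many accounts tried: stuffing a bought list
                alerts.add((src, "credential_stuffing"))
            if ev.result == "OK" and len(failures) >= success_after:  # a spray that landed a valid login
                alerts.add((src, "success_after_failures"))
    return sorted(alerts)
```

Running `detect(SAMPLE_LOG)` flags 203.0.113.7 for all three patterns and 192.0.2.9 for brute force only, while the user at 198.51.100.2 who mistyped a password twice produces no alert.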
