[BreachExchange] Hackers are Selling US University Credentials Online, FBI Says

Matthew Wheeler mwheeler at flashpoint-intel.com
Tue May 31 08:38:29 EDT 2022


https://tech.co/news/hackers-are-selling-us-university-credentials-online-fbi-says

The Federal Bureau of Investigation has warned US universities and colleges
that it has found banks of login credentials and other data relating to VPN
access circulating on cybercriminal forums.

The fear is that such data will be sold and subsequently used by malicious
actors to orchestrate attacks on other accounts owned by the same students,
in the hope they've reused the same credentials.

The news is the latest reminder of the importance of having long, unique
passwords, and equally, why using technology like password managers is the
safest way forward.

Stolen VPN Credentials on Criminal Forums

“The FBI has observed incidents of stolen higher education credential
information posted on publicly accessible online forums or listed for
sale on criminal marketplaces,” the intelligence service said in a briefing
on the issue.

As of January 2022, the document reads, Russian criminals have been posting
network credentials and VPN accesses relating to a long list of different
US education institutions on online forums. According to the FBI, they’ve
been fetching “multiple thousands” of US dollars.

This wouldn’t be the first case of this either – the FBI notes that in
2017, “cybercriminals targeted universities to hack .edu accounts by
cloning university login pages and embedding a credential harvester link in
phishing emails.”

More recently, in May 2021, “over 36,000 email and password combinations
(some of which may have been duplicates) for email accounts ending in .edu
were identified on a publicly available instant messaging platform.”

There were additional incidents from 2020 referenced in the same report.

Why Are These Credentials Valuable?

If you’re a hacker, once you’re able to obtain the credentials for a single
account belonging to one individual, the chances you’re able to access
other private accounts belonging to the same person drastically increase.

In this case, cybercriminals are banking on the fact that some of the
college students they have stolen credentials from will have recycled the
same login details for use on other accounts, which forms the basis for
brute force and credential stuffing attacks.

This is not a bad bet to place either, from their perspective – the whole
reason those attacks exist in the first place is the high prevalence of
repeated passwords.

How Do I Protect My Business from This Sort of Threat?

Although this attack seems to be orientated around students’ personal
accounts, businesses are much more likely to be targeted simply because
it's a more profitable endeavor for cybercriminals to pursue.

The FBI’s list of recommended steps to take includes all the classics –
keeping your systems up to date, implementing multi-factor authentication,
and using strong and unique passwords.

The safest way to store passwords – whilst ensuring they’re long enough to
be secure – is using a password manager. That way, you’ll only have to
remember a single password to your account with your chosen password
manager (as well as a couple of other bits of security information), yet
you’ll be protected on all of your accounts.

There are password managers for both businesses and consumers, and making
sure you’re protected at work and at home is the smartest thing to do.