FBI Warns About Stolen University Credentials Up For Sale by Russian Crooks

The Federal Bureau of Investigation (FBI) has reported alarming news of Russian crooks selling network credentials and virtual private networks for the US universities and colleges in criminal marketplaces.

According to a warning issued by the FBI, these stolen university credentials sell for high prices on the dark web and public internet forums. They could cause cyber-attacks against employees or even educational institutions themselves.

Personal information leaks could lead to attacks

The Feds’ alert said that exposure of usernames and passwords could cause brute force credential stuffing computer network attacks, where attackers attempt logins across multiple internet sites.

They could also exploit these sites for cyber-attacks and use the same user credentials across multiple services.

In May 2021, more than 36,000 email and password combinations ending in ‘.edu’ were listed for sale by hackers on a publicly available instant messaging platform.

The bureau noted that some of the emails may have been copies. Regardless, this shows that there is a necessity to be cautious, stop reusing passwords, and enable multifactor authentication.

The latest FBI warning comes after US colleges and universities continue to experience an increase in ransomware attacks. Last year, hackers attacked 26 colleges and universities with ransomware, and 2022 is on track to exceed this number. So far, this year, 15 higher education schools have been hit with ransomware.

A customer success manager at Horizon3ai, Brad Hong, said that the education sector makes for an easy target as it is rare for a university to stack cyber security as its top priority.

He added that the majority of colleges do not have the budget to implement next-generation cyber tools to combat cyber-attacks.

Phishing attacks continue

The FBI cited attacks that happened in 2017, during which criminals recreated university login pages and emailed links to the sites in phishing emails to gain access to people’s details.

The security alert noted that these tactics have continued to prevail and increased with COVID-themed phishing attacks to steal university login information.

“Phishing is still highly effective and now has become a numbers game – the more frequent the attacks, the more victims get fatigued and fall prey,” Token CEO John Gunn said.

He added that hackers use the same approach for stealing business user credentials, which shows the importance of multifactor authentication and a ‘passwordless’ approach to access control. “No credentials mean nothing to phish and end this massive vulnerability,” the CEO said.