The FBI is warning against credentials belonging to higher education institutes being sold on public and dark web forums. These credentials allow attackers to access user accounts or networks of education institutions.

Credentials on sale

The FBI has recently issued an alert regarding usernames and passwords from colleges and universities located in the U.S. being found on sale at Russian cybercriminal forums.
  • Additionally, the information includes VPN access to higher education organizations in the U.S.
  • In some cases, the seller has posted a screenshot proving that the credentials are authentic.
  • The price varies between a few U.S. dollars and thousands.

How are credentials obtained?

Credential harvesting is generally done by spear-phishing, ransomware, or other types of cyber intrusions. Additionally, the credentials are often obtained from breaches at different online services.

Recent data breaches at U.S. schools

  • A few days ago, the Chicago Public Schools (CPS) suffered a data breach that compromised the personal information of more than 56,000 employees and 500,000 students.
  • A few weeks ago, the NYSED disclosed that 565 schools in the state, including 1 million current and former students, had their data compromised in an attack on the common vendor, Illuminate Education.

What to do?

The FBI recommends colleges and universities pay special attention to connections via remote desktop protocols, which is a frequent target for hackers. Further, keep all OS and software up-to-date, and implement user training programs and phishing exercises for faculty and students to raise awareness.

Cyware Publisher