FBI warns US colleges about widespread VPN credential leaks on cyber crime forums

EXECUTIVE SUMMARY: FBI warns US colleges of widespread VPN credential leaks on cyber crime forums.

International cyber crime forums now play host to a wealth of network credentials and Virtual Private Network (VPN) access opportunities. The credentials and access pathways largely belong to employees from US colleges and universities, according to a news alert from the FBI.

The exposure of credentials and network access information can result in cyber attacks against individuals or organizations, says the alert.

The threat: Explained

Cyber criminals haven’t reduced attacks on US colleges and universities. In recent months and years, spear-phishing, ransomware or other cyber intrusion tactics have led to credential harvesting.

As an example of a past attack, hackers managed to spoof a series of .edu login pages, embedding a credential harvester link in phishing emails. In turn, hackers successfully obtained credentials, which were then delivered to the criminals via an automated email from their servers.

In the wake of the coronavirus pandemic, similar attacks designed to harvest university login credentials have posed a substantive threat to university security.

FBI observations

In the alert, the FBI highlighted a number of incidents involving stolen higher education credentials. Cyber criminals have since posted the credentials on publicly accessible online forums or listed them as available for purchase.

In January of 2022, cyber criminals placed the network credentials and VPN access information belonging to several US-based universities and colleges on the dark web. In some cases, the information was posted publicly. Elsewhere, the information was offered

Read more

Explore the site

More from the blog

Latest News