Russian cybercrime forums are teeming with the network credentials and virtual private network accesses of employees from U.S. colleges and universities, according to a new alert from the FBI.
This week, the FBI said U.S. college and university credentials are being advertised widely across cybercrime forums. In May 2021, the FBI says it found more than 36,000 email and password combinations for email accounts ending in .edu publicly available on instant messaging platforms frequented by cybercriminals.
According to the FBI, most of the credentials stem from spear-phishing, ransomware or other cyberattacks on U.S. colleges and universities that have become more prevalent over the years.
When contacted about cyberattacks and ransomware incidents, U.S. colleges and universities often claim that there is no evidence of data theft or sale. But Emsisoft threat analyst Brett Callow, a ransomware expert tracking attacks on universities and K-12 schools, said 10 of the 13 attacks on colleges this year involved data exfiltration.
Ohlone College, Savannah State University, University of Detroit Mercy, Centralia College, Phillips Community College of the University of Arkansas, National University College, North Carolina A&T University, Florida International University, Stratford University are just a few of the schools attacked with ransomware this year.
The FBI noted that the exposure of sensitive credential and network access information, especially privileged user accounts, “could lead to subsequent cyber attacks against individual users or affiliated organizations.”
“For example, in 2017, cyber criminals targeted universities to hack .edu accounts by cloning university login pages and embedding a credential harvester link in phishing emails.