Cybercriminals are offering to sell network access credentials for higher education institutions in the United States for thousands of dollars.
These advertisements can be found on both publicly accessible cybercriminal internet forums and dark web marketplaces.
Thousands of Credentials Are Available for Purchase
The Federal Bureau of Investigation (FBI) has issued an alert regarding Russian cybercriminal sites selling usernames and passwords that grant access to schools and universities in the United States.
The sensitive data on offer includes network credentials and virtual private network (VPN) access to “a multiplicity” of higher education organizations in the United States.
In some cases, the seller included a screenshot to demonstrate that the credentials grant the advertised access.
According to an advisory issued this week by the agency, the cost of such credentials ranges from a few dollars to thousands of dollars.
Phishing is one of the most prevalent ways for cybercriminals to get usernames and passwords. Testing credentials obtained from breaches at various online businesses, where the account used an email address linked with a higher education organization, is likewise a common practice.
The Federal Bureau of Investigation states, “Credential harvesting against a company is often a result of spear-phishing, ransomware, or other cyber intrusion strategies.”
Ransomware gangs frequently use such network access to gain a foothold in a victim's environment and then move laterally in order to compromise and encrypt valuable hosts and demand a ransom payment.
Credentials are frequently advertised and sold by actors who specialize in stealing sensitive information, with costs varying depending on the victim and the type of access.
According to the FBI, a gang suspected of selling login credentials posted more than 36,000 email and password combinations in May of last year.
Tips for safety
Academic institutions should use mitigation techniques to limit the danger of compromise, according to the agency. Checking for end-of-life notices and applying updates as they become available are at the top of the priority list.
Implementing brute-force protection, holding training sessions for students and faculty on how to spot phishing attempts, adopting strong, unique passwords, and using multifactor authentication are all standard guidelines that apply to all companies.
The FBI also recommends limiting where accounts can be used and implementing local device credential security methods to reduce credential exposure.
Network segmentation helps prevent malware, and monitoring for aberrant traffic helps detect abnormalities indicative of malicious activity.
Connections via the remote desktop protocol (RDP), which is a common target for hackers, should be given special care.
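
The brute-force protection and monitoring advice above can be backed by log analysis that separates the two failure patterns the article mentions: repeated guesses against one account, and breach-derived credentials tried once each across many accounts. The following is an added example, not part of the FBI advisory; the log format, the thresholds, the `example.edu` accounts and the documentation-range IP addresses are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%SZ"
# Assumed (constructed) VPN log format, one event per line, in time order.
LINE = re.compile(r"^(\S+) vpn-auth result=(OK|FAIL) user=(\S+) src=(\S+)$")

def analyze(lines, window=timedelta(minutes=5), stuffing_users=4, brute_tries=5):
    """Return {src: {"kinds": set, "hit_accounts": set}} for flagged sources."""
    recent = defaultdict(deque)  # src -> failed (time, user) pairs inside the window
    flagged = defaultdict(lambda: {"kinds": set(), "hit_accounts": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.strptime(m.group(1), FMT)
        result, user, src = m.group(2), m.group(3).lower(), m.group(4)
        if result == "OK":
            # A success from an already-flagged source is a likely compromise:
            # that account needs a password reset and a session review.
            if src in flagged:
                flagged[src]["hit_accounts"].add(user)
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the sliding window
        users = [u for _, u in q]
        if len(set(users)) >= stuffing_users:  # many accounts, few tries each
            flagged[src]["kinds"].add("credential_stuffing")
        if users.count(user) >= brute_tries:   # one account, many tries
            flagged[src]["kinds"].add("brute_force")
    return dict(flagged)

def sample_log():
    """Constructed sample: one stuffing source, one brute-force source, one typo."""
    t0 = datetime(2022, 5, 27, 10, 0, 0)
    ev = [(10 * i, "FAIL", f"user{i}@example.edu", "203.0.113.7") for i in range(4)]
    ev += [(40, "OK", "user9@example.edu", "203.0.113.7")]
    ev += [(100 + 10 * i, "FAIL", "admin@example.edu", "198.51.100.9") for i in range(5)]
    ev += [(200, "FAIL", "carol@example.edu", "192.0.2.4"),
           (230, "OK", "carol@example.edu", "192.0.2.4")]
    return [f"{(t0 + timedelta(seconds=s)).strftime(FMT)} vpn-auth result={r} user={u} src={a}"
            for s, r, u, a in ev]

if __name__ == "__main__":
    for src, info in analyze(sample_log()).items():
        print(src, sorted(info["kinds"]), sorted(info["hit_accounts"]))
```

Per-account lockout alone misses the stuffing pattern, because no single account sees more than one failure; counting distinct accounts per source is what exposes it.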