Cyber actors have recently carried out attacks against US colleges and universities, leading to the exposure of user information on public and cybercriminal forums.
The FBI issued a warning to notify the academic partners of US colleges and universities about credentials advertised for sale on online criminal marketplaces and publicly accessible forums.
Threat actors will use these exposed credentials to launch attacks against individuals and organizations in the industry, relying on spear-phishing, ransomware, or other cyber intrusion tactics.
“This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber-attacks against individual users or affiliated organizations,” alerts the FBI.
The Attacks against Colleges and Universities
According to the report, in 2017 cybercriminals targeted universities to hack .edu accounts by cloning university login pages and embedding a credential harvester link in phishing emails. The harvested credentials were then sent to the cybercriminals in an automated email from their servers.
These tactics have continued and increased with COVID-themed phishing attacks aimed at stealing university login credentials, according to security researchers from a US-based company in December 2021. The disclosure of usernames and passwords can lead to brute-force credential stuffing attacks against computer networks.
In January 2022, Russian cybercriminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified US-based universities and colleges across the country, some of which included screenshots as proof of access.
The FBI report says that in May 2021, over 36,000 email and password combinations for email accounts ending in .edu were identified on a publicly available instant messaging platform. It was involved in the trafficking of stolen login credentials and other cybercriminal activities.
In 2020, usernames and passwords for US territory-based university accounts with the .edu domain were found for sale on the dark web. As of 2022, the site containing the credentials is no longer accessible.
How to Reduce the Risk of Compromise
- Keep all operating systems and software up to date
- Implement user training programs and phishing exercises for students and faculty to raise awareness
- Require strong, unique passwords for all accounts with password logins
- Implement multi-factor authentication (MFA)
- Segment networks to help prevent unauthorized access by malicious actors or the spread of malware
- Identify, detect, and investigate abnormal activity with network-monitoring tools
- Enforce the principle of least privilege through authorization policies
- Secure and closely monitor remote desktop protocol (RDP)
- Document approved solutions for remote management and maintenance
Finally, the FBI recommends that colleges, universities, and all academic entities establish and maintain strong liaison relations.