For Sale: Academic Credentials

The cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites.

The warning targets universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces.

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organisations. Cyber actors continue to conduct attacks against US colleges and universities leading to the exposure of user information on public and cyber criminal forums.

Credential harvesting against an organisation is often a result of spear-phishing, ransomware, or other cyber intrusion tactics.

According to the FBI, the credentials were discovered in January of this year for sale on a Russian cybercrime forum. The credentials pertained to several American universities and colleges across the country. The FBI reported that prices ranged from a few dollars to multiple thousands.

The same document suggested that in May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were found on a publicly available instant messaging platform.

The FBI notification also mentioned that the exposure of such sensitive credential and network access information is very detrimental to the institutions as it could lead to cyberattacks against individual users or affiliated organisations.

Higher education institutions should be wary of the threat and change passwords, as well as be diligent with security measures such as two factor authentication. Attackers could attempt to breach credit cards or gain access to other personally identifiable information, submit fraudulent transactions on behalf of the institution, exploit other criminal activity, or launch subsequent attacks.

The FBI explained that the credentials were obtained via spear-phishing, ransomware, or cyber intrusion tactics. To mitigate these threats, the document called for colleges, universities, and all academic entities to establish and maintain strong relationships with the FBI Field Office in their region.

IC3:       Malwarebytes:   Oodaloop:      Infosecurity MagazineFBI Cyber Div:   TEISS:      Campus Technology

You Might Also Read: 

Beware Of Credentials Phishing:

 

« Axonius Brings Its Platform To AWS Marketplace
Cyber Attack On US Children's Hospital »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

Aspen Insurance

Aspen Insurance

Aspen is a leading diversified specialty insurance and reinsurance company. Products offered include cyber insurance.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

Zorus

Zorus

Zorus provides best-in-class cybersecurity products to MSP partners to help them grow their business and protect their clients.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

CyberSalus

CyberSalus

CyberSalus is a pioneering cyber tech services company dedicated to protecting the digital integrity of healthcare organizations.

CyPro

CyPro

CyPro is a cyber security expert firm that specialises in providing cyber security services tailored for high-growth companies at every stage of their journey.