For Sale: Academic Credentials

Uploaded on 2022-06-23 in NEWS-Cybersecurity News, JOBS-Training, GOVERNMENT-Law Enforcement, FREE TO VIEW

The cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites.

The warning targets universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces.

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organisations. Cyber actors continue to conduct attacks against US colleges and universities leading to the exposure of user information on public and cyber criminal forums.

Credential harvesting against an organisation is often a result of spear-phishing, ransomware, or other cyber intrusion tactics.

According to the FBI, the credentials were discovered in January of this year for sale on a Russian cybercrime forum. The credentials pertained to several American universities and colleges across the country. The FBI reported that prices ranged from a few dollars to multiple thousands.

The same document suggested that in May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were found on a publicly available instant messaging platform.

The FBI notification also mentioned that the exposure of such sensitive credential and network access information is very detrimental to the institutions as it could lead to cyberattacks against individual users or affiliated organisations.

Higher education institutions should be wary of the threat and change passwords, as well as be diligent with security measures such as two factor authentication. Attackers could attempt to breach credit cards or gain access to other personally identifiable information, submit fraudulent transactions on behalf of the institution, exploit other criminal activity, or launch subsequent attacks.

The FBI explained that the credentials were obtained via spear-phishing, ransomware, or cyber intrusion tactics. To mitigate these threats, the document called for colleges, universities, and all academic entities to establish and maintain strong relationships with the FBI Field Office in their region.

IC3:       Malwarebytes:   Oodaloop:      Infosecurity MagazineFBI Cyber Div:   TEISS:      Campus Technology

You Might Also Read: 

Beware Of Credentials Phishing:

 

« Axonius Brings Its Platform To AWS Marketplace
Cyber Attack On US Children's Hospital »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

FinalCode

FinalCode

FinalCode offers a file encryption and file-based enterprise digital rights management (eDRM) platform.

Exabeam

Exabeam

Exabeam provides security intelligence and management solutions to help organizations of any size protect their most valuable information.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

Digiserve

Digiserve

Digiserve by Telkom Indonesia is an end-to-end managed solutions provider committed to empowering enterprises in Indonesia.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

RiskOptics

RiskOptics

RiskOptics (formerly Reciprocity) equips organizations with one of the most intuitive and powerful information security and cyber risk management solutions in the market.

InterSec Inc.

InterSec Inc.

InterSec Inc. is a cybersecurity company that offers a variety of services to small and medium-sized businesses including CMMC Compliance, Program Management, Governance, & Cybersecurity.

Theos Cyber Solutions

Theos Cyber Solutions

Theos Cyber provides service-first cybersecurity solutions to digital businesses in Asia.

Blattner Technologies

Blattner Technologies

Blattner Technologies mission is to be the leading provider of predictive transformation services and tools in the Data Analytics, Artificial Intelligence and Machine Learning industry.