For Sale: Academic Credentials

Uploaded on 2022-06-23 in NEWS-Cybersecurity News, JOBS-Training, GOVERNMENT-Law Enforcement, FREE TO VIEW

The cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites.

The warning targets universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces.

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organisations. Cyber actors continue to conduct attacks against US colleges and universities leading to the exposure of user information on public and cyber criminal forums.

Credential harvesting against an organisation is often a result of spear-phishing, ransomware, or other cyber intrusion tactics.

According to the FBI, the credentials were discovered in January of this year for sale on a Russian cybercrime forum. The credentials pertained to several American universities and colleges across the country. The FBI reported that prices ranged from a few dollars to multiple thousands.

The same document suggested that in May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were found on a publicly available instant messaging platform.

The FBI notification also mentioned that the exposure of such sensitive credential and network access information is very detrimental to the institutions as it could lead to cyberattacks against individual users or affiliated organisations.

Higher education institutions should be wary of the threat and change passwords, as well as be diligent with security measures such as two factor authentication. Attackers could attempt to breach credit cards or gain access to other personally identifiable information, submit fraudulent transactions on behalf of the institution, exploit other criminal activity, or launch subsequent attacks.

The FBI explained that the credentials were obtained via spear-phishing, ransomware, or cyber intrusion tactics. To mitigate these threats, the document called for colleges, universities, and all academic entities to establish and maintain strong relationships with the FBI Field Office in their region.

IC3:       Malwarebytes:   Oodaloop:      Infosecurity MagazineFBI Cyber Div:   TEISS:      Campus Technology

You Might Also Read: 

Beware Of Credentials Phishing:

 

« Axonius Brings Its Platform To AWS Marketplace
Cyber Attack On US Children's Hospital »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

QNAP Systems

QNAP Systems

QNAP Systems, Inc. delivers world class network attached storage (NAS) and network video recorder (NVR) solutions.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

Redspin

Redspin

Redspin provide penetration testing, security assessments and consulting services.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

YouWipe

YouWipe

Scandinavian Data Erasure Leader YouWipe is the number one choice of European Ministries, European Central Banks, Swiss Pharmaceuticals and Major Electronics Retail Chains.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

Obscure Technologies

Obscure Technologies

Obscure Technologies is a firm of experts, specialised in brokering the best security solutions to market.

Kusari

Kusari

Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.

Bell Canada

Bell Canada

Bell is the leading provider of network and communications services for Canadian businesses and the partner for delivering network, IoT, cloud, voice, collaboration and security solutions.

InterSources

InterSources

InterSources is a trusted partner, leading the way in Cloud Security, Cybersecurity, PLG Consulting, Digital Transformation, and Professional Services.