For Sale: Academic Credentials

Uploaded on 2022-06-23 in NEWS-Cybersecurity News, JOBS-Training, GOVERNMENT-Law Enforcement, FREE TO VIEW

The cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites.

The warning targets universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces.

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organisations. Cyber actors continue to conduct attacks against US colleges and universities leading to the exposure of user information on public and cyber criminal forums.

Credential harvesting against an organisation is often a result of spear-phishing, ransomware, or other cyber intrusion tactics.

According to the FBI, the credentials were discovered in January of this year for sale on a Russian cybercrime forum. The credentials pertained to several American universities and colleges across the country. The FBI reported that prices ranged from a few dollars to multiple thousands.

The same document suggested that in May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were found on a publicly available instant messaging platform.

The FBI notification also mentioned that the exposure of such sensitive credential and network access information is very detrimental to the institutions as it could lead to cyberattacks against individual users or affiliated organisations.

Higher education institutions should be wary of the threat and change passwords, as well as be diligent with security measures such as two factor authentication. Attackers could attempt to breach credit cards or gain access to other personally identifiable information, submit fraudulent transactions on behalf of the institution, exploit other criminal activity, or launch subsequent attacks.

The FBI explained that the credentials were obtained via spear-phishing, ransomware, or cyber intrusion tactics. To mitigate these threats, the document called for colleges, universities, and all academic entities to establish and maintain strong relationships with the FBI Field Office in their region.

IC3:       Malwarebytes:   Oodaloop:      Infosecurity MagazineFBI Cyber Div:   TEISS:      Campus Technology

You Might Also Read: 

Beware Of Credentials Phishing:

 

« Axonius Brings Its Platform To AWS Marketplace
Cyber Attack On US Children's Hospital »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Wall Street Technology Association (WSTA)

Wall Street Technology Association (WSTA)

The Wall Street Technology Association (WSTA) provides financial industry technology professionals with forums to learn from and connect with each other.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

Carbide

Carbide

Carbide (formerly Securicy) breaks down enterprise-class security and privacy requirements and makes them accessible to, and achievable by, companies of all sizes.

Conference Index

Conference Index

Conference Index provides an indexed listing of upcoming meetings, seminars, congresses, workshops, summits and symposiums across a wide range of subjects including Cybersecurity.

Forgepoint Capital

Forgepoint Capital

ForgePoint Capital is a premier venture investor for early stage cybersecurity companies.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

Grayshift

Grayshift

Grayshift is the leading provider of mobile device digital forensics, specializing in lawful access and extraction.

Camel Secure - ZeroRisk

Camel Secure - ZeroRisk

Camel Secure is a company specialized in the development of products for information security and technology risk management.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

Kobalt.io

Kobalt.io

Kobalt are bringing the monitoring capabilities of enterprise-class security teams to smaller organizations.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

SecurEyes

SecurEyes

SecurEyes is a leading cybersecurity firm that provides specialised services, including cybersecurity assessments, managed services, and governance risk and compliance services.

NOYB

NOYB

NOYB is a non-profit organization aiming to close the gap between privacy laws and the reality of corporate practice.