FBI claims VPN credentials of US universities are being sold on Russian cybercrime forums
According to a new report by the FBI, cybercriminals are stealing login credentials to the networks of US-based colleges and universities. These are then sold to other criminal actors or used for credential stuffing attacks, whereby attackers take advantage of victims who reuse the same credentials across multiple websites, most notably banking services.
In 2017, the agency found cybercriminals cloning university login pages and embedding a credential harvester link in phishing emails. The harvested credentials were then sent to the attackers through an automated email from their servers. Credential harvesting can also be a byproduct of other cyberattacks, such as spear-phishing or ransomware.
Earlier this year, network credentials and virtual private network (VPN) access to multiple universities in the US were offered for sale on Russian cybercrime forums. Listed prices ranged up to thousands of dollars. Last year, over 36,000 email addresses using the .edu TLD and their associated passwords were discovered on a publicly available instant messaging platform.