Skip to main content

FBI claims VPN credentials of US universities are being sold on Russian cybercrime forums

posted onMay 29, 2022
by l33tdawg
Flickr
Credit: Flickr

According to a new report by the FBI, cybercriminals are stealing login credentials to the networks of US-based colleges and universities. These are then sold to other criminal actors or used for credential stuffing attacks, whereby attackers take advantage of victims who reuse the same credentials across multiple websites, most notably banking services.

In 2017, the agency found cybercriminals cloning university login pages and embedding a credential harvester link in phishing emails. The gathered credentials were then sent to them through an automated email from their servers. Credential harvesting can also be a byproduct of other cyberattacks, such as spear-phishing or ransomware.

Earlier this year, network credentials and virtual private network accesses to multiple universities in the US were being offered for sale on Russian cybercrime forums. The prices listed were ranging up to thousands of dollars. Last year, over 36,000 email addresses using the .edu TLD and their associated passwords were discovered on a publicly-available instant messaging platform.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th