Why Russian hackers are stealing VPN access from American universities


Alexander Boero

May 30, 2022 at 11:15 a.m.


The FBI is warning about leaked VPN credentials from American universities and colleges, offered for sale on Russian hacker forums.

The Federal Bureau of Investigation (FBI) released a memo a few days ago informing the public of the sale of thousands of credentials belonging to American universities. The data, taken from VPNs used in institutions, was discovered on criminal forums hosted in Russia and elsewhere. Having some idea of the hackers' motivations, the FBI urges exposed users to exercise caution.

Data for sale on the dark web that can be reused for multiple cybercriminal purposes

Hackers were therefore able to seize usernames and passwords that allow them to connect to the virtual private networks (VPNs) used by American universities. The first risk reported by the FBI is ransomware, leading to even greater data theft and potentially crippling entire systems.

This data leak affects a certain number of privileged accounts, which are all the more sensitive because they can give hackers access to the entire information system of the affected institutions. Individual users or university-affiliated organizations can be targeted as well.

In any case, the FBI wants to draw attention to the reuse of data collected by hackers and now offered for sale on cybercriminal forums. That data can just as well result in a banal phishing attack as in an attempted ransomware intrusion, as we said, or in cryptojacking.

Often, the hackers who steal the data are motivated only by the resulting financial gain. The credentials can sell for a few dollars or for thousands of dollars. On the other hand, we know that username and password pairs for privileged accounts can be sold for exorbitant prices, given the sensitivity of the information to which they provide access.

Universities, among the favorite targets of hackers

The FBI explains that in the event that attackers succeed in compromising a leaked account, "they may attempt to drain the account of stored value, mine or resell credit card numbers and other personally identifiable information, submit fraudulent transactions, mine data for other criminal activities against the owner of the account, or use this information to carry out subsequent attacks against affiliated organizations".

For instance, in May 2021, the American agency came across 36,000 combinations of email addresses and passwords of email accounts ending in .edu, a domain reserved for educational institutions in the United States. The file was accessible to the public from an instant messenger maintained by regulars in the trade of stolen login credentials.

In 2020, some 2,000 usernames and passwords for .edu accounts were discovered on the dark web. At the time, hackers demanded to be paid in Bitcoin. In 2017, cybercriminals targeted universities by hacking .edu accounts again, this time by cloning the login pages of university sites and embedding an information-collection link in phishing emails.

Cybersecurity professionals and the FBI recommend that the IT departments of the exposed universities apply the latest system and software updates, strengthen account security and monitor remote access, while also maintaining contact with cyber authorities.

Source: FBI