Russian crooks sell stolen university credentials • The Register

According to the FBI, Russian crooks sell network credentials and virtual private network access for a “variety” of US universities and colleges in criminal marketplaces.

These stolen credentials are being sold for thousands of dollars on both the dark web and public internet forums, according to an alert issued Thursday, and could lead to subsequent cyberattacks against individual staff members or the schools themselves.

“Disclosure of usernames and passwords can lead to brute force credential stuffing computer network attacks, where attackers attempt to log in through different websites or exploit them for subsequent cyberattacks, as criminal actors exploit users sharing the same credentials across multiple accounts, websites and services,” the Feds’ warning [PDF] said.
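The pattern the FBI describes has a recognisable signature in an identity provider's authentication log: one source address tries a long list of different usernames, usually once each, with mostly failures and the odd success where a reused password still works. The following is an added example (not from the FBI alert or The Register) of detection logic for that pattern run over a few constructed log lines; the log format, field names, sample addresses and thresholds are assumptions chosen for illustration. It deliberately does not flag the single-account password-guessing pattern (many attempts on one username), which is a different attack and normally handled by lockout or rate limiting.

```python
"""Flag credential-stuffing patterns in SSO authentication logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines, not real data. Assumed format:
# "<ISO-8601 UTC timestamp> ip=<addr> user=<name> result=<success|failure>"
SAMPLE_LOG = """\
2022-05-26T09:00:01Z ip=203.0.113.7 user=alice@example.edu result=failure
2022-05-26T09:00:02Z ip=203.0.113.7 user=bob@example.edu result=failure
2022-05-26T09:00:03Z ip=203.0.113.7 user=carol@example.edu result=failure
2022-05-26T09:00:04Z ip=203.0.113.7 user=dave@example.edu result=failure
2022-05-26T09:00:05Z ip=203.0.113.7 user=erin@example.edu result=success
2022-05-26T09:00:06Z ip=203.0.113.7 user=frank@example.edu result=failure
2022-05-26T09:05:00Z ip=198.51.100.9 user=alice@example.edu result=failure
2022-05-26T09:05:30Z ip=198.51.100.9 user=alice@example.edu result=failure
2022-05-26T09:06:00Z ip=198.51.100.9 user=alice@example.edu result=success
2022-05-26T12:00:00Z ip=192.0.2.44 user=grace@example.edu result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)


def parse_log(text):
    """Return a list of (timestamp, ip, user, succeeded) tuples; skips malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate noise instead of aborting the whole run
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["ip"], m["user"], m["result"] == "success"))
    return events


def detect_credential_stuffing(events, window_seconds=600, min_users=5, min_failure_ratio=0.5):
    """Per source IP, look for a sliding time window holding many *distinct* usernames
    where most attempts fail. Accounts that did succeed inside such a window are
    reported as likely compromised (a reused password that still worked)."""
    by_ip = defaultdict(list)
    for ev in sorted(events):          # sorted by timestamp first
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it fits within window_seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            window = evs[start:end + 1]
            users = {e[2] for e in window}
            failures = sum(1 for e in window if not e[3])
            if len(users) >= min_users and failures / len(window) >= min_failure_ratio:
                finding = {
                    "attempts": len(window),
                    "distinct_users": len(users),
                    "failures": failures,
                    "compromised_accounts": sorted({e[2] for e in window if e[3]}),
                }
                prev = findings.get(ip)
                if prev is None or finding["attempts"] > prev["attempts"]:
                    findings[ip] = finding   # keep the largest qualifying window per IP
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

On the constructed sample, only 203.0.113.7 is flagged (six usernames in five seconds, one success for erin@example.edu, which is the account to force a password reset on). The three attempts against alice@example.edu from 198.51.100.9 are a single-account guessing pattern and fall below `min_users`, which is the point of keying the rule on distinct usernames rather than raw failure counts. In production the thresholds need tuning against legitimate shared egress addresses such as campus NAT or VPN concentrators.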

In May 2021, more than 36,000 email and password combinations for email accounts ending in “.edu” were listed for sale on a “public-facing instant messaging platform,” according to the bureau, although it noted that some of these may have been duplicates.

Regardless, it’s high time to strengthen passwords, stop reusing them, and implement multi-factor authentication.

The FBI also cited attacks in 2017 in which cybercriminals cloned university login pages and emailed links to the websites in phishing emails to collect the data of unsuspecting individuals. “Such tactics have continued to prevail, compounded with COVID-themed phishing attacks to steal university credentials, security researchers at a US-based company said in December 2021,” the security alert reads.

Put simply, phishing still works, according to John Gunn, CEO of identity firm Token.

“Phishing is still very effective and has become a numbers game – the more frequent the attacks, the more fatigued and victimized the victims are,” Gunn told The Register. “We see the same approach in stealing business user credentials, underscoring the need for multi-factor authentication and a passwordless approach to access control. No credentials means nothing to phish, ending this massive vulnerability.”

The latest FBI alert also comes as US colleges and universities face a surge in ransomware attacks.

In 2021, criminals attacked a total of 26 colleges and universities with ransomware, and 2022 is already on track to match or surpass that number. According to Brett Callow, a threat analyst at Emsisoft, at least 14 college campuses have been hit by ransomware so far this year.

“Education continues to be an attractive target as it’s very rare for a university to focus on its cybersecurity stack as its top priority,” said Brad Hong, customer success manager at penetration testing company Horizon3ai.

“As the majority of higher education institutions in the US, particularly those that are not focused on protecting the intellectual property of their research institutes, do not have the staff or budget to implement next-generation cyber tools to fight next-generation cyber attacks, the effort to pay is several levels lower than any other industry overall,” he told The Register, citing a Sophos study that found the retail and education sectors had the highest rate of ransomware attacks across the industries surveyed.

This report [PDF] also found that 44 percent of all educational institutions surveyed had experienced a ransomware attack. ®
