FBI warns colleges: VPN credentials circulating on Russian forums
Network logins and VPN credentials from numerous U.S. colleges and universities are widely available for sale on cybercriminal forums operating out of Russia, according to an FBI alert issued Thursday.
The alert warned that a “multitude” of U.S. schools were featured on these sites as of January, with malicious actors selling directories of stolen credentials for hundreds or thousands of dollars. Harvesting VPN credentials and other login information is often a byproduct of ransomware, spearphishing or another attacks, the FBI said, laying the groundwork for identity theft or future cyberattacks.
“As of January 2022, Russian cyber criminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified US-based universities and colleges across the country, some of which included screenshots as proof of access,” the alert read.
Some of the credentials are also freely available online forums. In one instance last May, the FBI found a directory of about 36,000 email and password combinations for accounts ending in “.edu” on what it described as a “publicly available instant messaging platform.”
At least 14 colleges and universities in the United States have been hit by ransomware in 2022, according to Brett Callow, an analyst at the antivirus firm Emsisoft. Ten of those incidents also resulted in malicious actors exfiltrating compromised data. Earlier this month, Tennessee’s Austin Peay State University canceled classes and delayed final exams when a ransomware attack locked students out of their email.
Lincoln University, a small school in Illinois, closed its doors for good May 13, listing a ransomware attack that hobbled its admissions process as a major factor.
Universities, like other organizations, continue to be susceptible to phishing schemes that attempt to leverage current events, such as the COVID-19 pandemic, the FBI said. The alert nods to research published last December by the email security firm Proofpoint that hackers were targeting schools by invoking fears of the omicron variant of the coronavirus.
The FBI alert reminds colleges and universities to take several familiar protective steps, including ensuring that operating systems and other software is updated, implementing multi-factor authentication on as many services as possible, especially VPNs, and requiring strong passwords.