FBI claims VPN credentials of US universities are being sold on Russian cybercrime forums

Tudor Cibean

Posts: 119   +8
Staff
Why it matters: Stolen login credentials to university networks and servers could get used for ransomware, spear-phishing, cryptojacking, or espionage. Even credential stuffing attacks, which usually have a success rate lower than 1 percent, become a serious problem when talking about tens of thousands of stolen passwords.

According to a new report by the FBI, cybercriminals are stealing login credentials to the networks of US-based colleges and universities. These are then sold to other criminal actors or used for credential stuffing attacks, whereby attackers take advantage of victims who reuse the same credentials across multiple websites, most notably banking services.

In 2017, the agency found cybercriminals cloning university login pages and embedding a credential harvester link in phishing emails. The gathered credentials were then sent to them through an automated email from their servers. Credential harvesting can also be a byproduct of other cyberattacks, such as spear-phishing or ransomware.

Earlier this year, network credentials and virtual private network accesses to multiple universities in the US were being offered for sale on Russian cybercrime forums. The prices listed were ranging up to thousands of dollars.

Last year, over 36,000 email addresses using the .edu TLD and their associated passwords were discovered on a publicly-available instant messaging platform.

A year prior, the agency found approximately 2,000 credential pairs listed on the dark web, with the seller asking for donations to be made to their bitcoin wallet.

The document also outlines some strategies colleges and universities can follow to reduce the likelihood of such attacks.

Permalink to story.

 

Tantor

Posts: 339   +602
Why does the picture show a black man with red digits all over his face? What does that have to do with Russia? Russia is one of the most diverse nations on earth. Unlike the US, Russia never had slavery or institutional discrimination based on race.
Sheesh!
 

TheRealSCDC

Posts: 221   +299
Why does the picture show a black man with red digits all over his face? What does that have to do with Russia? Russia is one of the most diverse nations on earth. Unlike the US, Russia never had slavery or institutional discrimination based on race.
Sheesh!

It's just a picture, for christs sake. RELAX. Don't be so woke.
 

kiwigraeme

Posts: 1,123   +822
Does this really surprise anyone? There isn't a single aspect of life that Russia won't turn into a criminal activity one way or another.

Have you turned into savagepc ? - actually salvagepc is nice synonym name for you .

I know we are beating up on Ruskis - but crims are everywhere - I'm tired of the trope stealing to put bread on the table - most criminals I heard about don't give a toss about their victims ( oh they're rich, they have insurance ) - lots of crims will happily do $20000 damage to your house if they can make $200
When I see police interviewing shoplifters in supermarkets - through an open door - it's not just a liter of milk, bag of rice , carrots , potatoes some cheap bread no most have the best steak , macadamia nuts etc - I sure there are folks stealing to feed their families - but it's rare - as honest folk know food banks exist - go to a farmers market end of day - lots of free or cheap produce - thrown out - or fallen on ground .
Yes Russia crime is more a way of life - given it was often necessary to supplement income under communist times - by taking govt supplies - working elsewhere while getting paid etc
But we have crims in our countries - Most Russians and people in general want to be good citizens
 

Hexic

Posts: 1,238   +1,927
TechSpot Elite
Why does the picture show a black man with red digits all over his face? What does that have to do with Russia? Russia is one of the most diverse nations on earth. Unlike the US, Russia never had slavery or institutional discrimination based on race.
Sheesh!

Calm down, CNN. Not every photo on the Internet is pushing white-washed, racist undertones.
 

scavengerspc

Posts: 2,653   +2,871
TechSpot Elite
salvagepc is nice synonym name for you
:joy:
You wouldn't believe how close you are to the truth of my nic with "salvage" in it.
In the late 90s, I started scooping up old busted PCs and turning them into working PCs. Then I donated them to local libraries and homeless shelters.
I would take anything to add to my collection of parts, and my wife started calling me scavenger. Which obviously became scavengerspc.
 

Thatsdisgusting

Posts: 21   +23
Why does the picture show a black man with red digits all over his face? What does that have to do with Russia? Russia is one of the most diverse nations on earth. Unlike the US, Russia never had slavery or institutional discrimination based on race.
Sheesh!

Sheesh, just registered to say this: comment section of techspot became unbelievably toxic due to all these ruski bots and their BS rising for the past months
 

emmzo

Posts: 635   +835
Sheesh, just registered to say this: comment section of techspot became unbelievably toxic due to all these ruski bots and their BS rising for the past months
Yeah, they play right or left to rile people up, with a focus on "pure and righteous" Russia. Ofc, they have their audience in the West, lots of poorly educated, disgruntled, contrarian people, best known by the Cold War term "useful id!ots".
 

Endymio

Posts: 1,642   +1,642
Yeah, they play right or left to rile people up, with a focus on "pure and righteous" Russia.
Well, China has three million people in slave-labor genocide camps, with standing shoot-to-kill orders for anyone attempting to escape -- but I bet you have a Chinese-made smart phone in your pocket, don't you?
 

emmzo

Posts: 635   +835
Well, China has three million people in slave-labor genocide camps, with standing shoot-to-kill orders for anyone attempting to escape -- but I bet you have a Chinese-made smart phone in your pocket, don't you?
Ups, another one!
 

Old Molases

Posts: 199   +41
This can be the case with low tier VPNs, this is highly unlikely for top tier VPNs such as Ivacy VPN, Express, Nord, Surfshark etc.