FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks

Network credentials and virtual private network (VPN) access for
colleges and universities based in the U.S. are being advertised
for sale on underground and public criminal marketplaces.

“This exposure of sensitive credential and network access
information, especially privileged user accounts, could lead to
subsequent cyber attacks against individual users or affiliated
organizations,” the U.S. Federal Bureau of Investigation (FBI)
said[1]
in an advisory published last week.

The cyber intrusions against educational institutions involve
threat actors leveraging tactics like spear-phishing and ransomware
to carry out credential harvesting activities. The gathered
credentials are then exfiltrated and sold on Russian cybercrime
forums for prices ranging from a few to thousands of U.S.
dollars.

Armed with this login information, the agency pointed out,
adversaries can proceed to conduct brute-force credential stuffing[2]
attacks to break into victim accounts across different internet
sites and services.

“If attackers are successful in compromising a victim account,
they may attempt to drain the account of stored value, leverage or
re-sell credit card numbers and other personally identifiable
information, submit fraudulent transactions, exploit for other
criminal activity against the account holder, or use for subsequent
attacks against affiliated organizations,” the FBI cautioned.

For instance, in May 2021, the agency said it found more than
36,000 email and password combinations for email accounts ending in
the “.edu” domain publicly available on an instant messaging platform,
shared by a group that specialized in the trafficking of stolen
login credentials.

To mitigate such threats, academic entities are urged to keep
operating systems and software up to date, raise awareness about
phishing, secure accounts with two-factor authentication, monitor
remote access, and implement network segmentation to prevent the
spread of malware.

References

  1. said (www.ic3.gov)
  2. credential stuffing (en.wikipedia.org)
