FBI says compromised US academic credentials are available on various cybercrime forums

The FBI warned on May 26, 2022 that thousands of compromised credentials harvested from US college and university networks are circulating on online crime forums in Russia and elsewhere, and could lead to subsequent cyber attacks against individual users or affiliated organizations. “Credential harvesting against an organization is often a byproduct of spear-phishing, ransomware, or other cyber intrusion tactics,” says the alert.

  • As of January 2022, Russian cyber criminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified US-based universities and colleges across the country, some of which included screenshots as proof of access.
  • In May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were identified on a publicly available instant messaging platform.
  • In late 2020, US territory-based university account usernames and passwords with the domain .edu were found for sale on the dark web. The seller listed approximately 2,000 unique usernames with accompanying passwords.

The FBI alert offered recommendations:

  • Keep all operating systems and software up to date.
  • Implement user training programs and phishing exercises for students and faculty to raise awareness.
  • Require strong, unique passwords for all accounts.
  • Require multi-factor authentication (MFA).
  • Restrict where accounts and credentials can be used.
  • Segment networks to help prevent unauthorized access.
  • Identify, detect, and investigate abnormal activity with network-monitoring tools.
  • Use anomaly detection tools.
  • Enforce the principle of least privilege through authorization policies.
  • Secure and closely monitor remote desktop protocol (RDP) use.
  • Document external remote connections.

Read more about it here.
