US College VPN Credentials for Sale on Russian Crime Forums, FBI Says

by
hubie
from SoylentNews on (#5ZYHC)

Freeman writes:

Trafficked data could lead to subsequent attacks, agency warns:

The FBI on Friday said that thousands of compromised credentials harvested from US college and university networks are circulating on online crime forums in Russia and elsewhere-and could lead to breaches that install ransomware or steal data.

[...] Login names and passwords are routinely harvested in phishing attacks, which may use fake claims of an account breach or a COVID-themed pitch to lure victims. Often, the threat actors who conduct these attacks sell the data on crime forums. The data can then be scooped up by fellow threat actors who focus on server infections for purposes of ransomware, cryptojacking, or espionage.

[...] "The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publicly accessible forums," the agency said.

[Ed. question: Is username/password the primary way VPN access is given at these schools with thousands of transient students from all over the world? Wouldn't requiring a physical token, such as adding PKI certs to their student ID cards, be a far superior and secure solution? --hubie]

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments