The FBI on Friday said that thousands of compromised credentials harvested from US college and university networks are circulating on online crime forums in Russia and elsewhere—and could lead to breaches that install ransomware or steal data.
“The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publicly accessible forums,” the agency said. “This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.”
Login names and passwords are routinely harvested in phishing attacks, which may use fake claims of an account breach or a COVID-themed pitch to lure victims. Often, the threat actors who conduct these attacks sell the data on crime forums. The data can then be scooped up by fellow threat actors who focus on server infections for purposes of ransomware, cryptojacking, or espionage.
This post has been read 56 times!