The FBI found that the VPN certificates of American universities were sold on the Russian cyber crime forum, and the stolen login certificates of university networks and servers may be used for extortion software, harpoon fishing, encryption hijacking or espionage. Even credential filling attacks, which usually have a success rate of less than 1%, can become a serious problem when it comes to tens of thousands of stolen passwords.
According to a new report of the Federal Bureau of investigation, cyber criminals are stealing the login credentials of American university networks. These vouchers are then sold to other criminals or used for voucher filling attacks, that is, attackers use victims to reuse the same vouchers on multiple websites, especially banking services.
In 2017, the agency found that cyber criminals cloned the University's login page and embedded a link to a credential collection tool in phishing emails. The collected credentials are then sent to the hackers from their servers via automated e-mail. Credential collection can also be a by-product of other cyber attacks, such as harpoon phishing or ransomware.
Earlier this year, the network credentials and virtual private network access rights of many American universities were sold at the Russian cybercrime forum. Prices are listed in thousands of dollars.
Last year, more than 36000 users were found on a public instant messaging platform The email address of the edu top-level domain name and its associated password. The previous year, the agency found about 2000 certificate pairs on the dark Internet, and the seller asked for payment to its bitcoin wallet.
The document also outlines some strategies that colleges and universities can adopt to reduce the possibility of such attacks.