Stolen credentials of US universities advertised all over the web


Criminal forums are full of recently stolen admin-level credentials from various US-based colleges and universities.

Cybercriminals advertise a wide variety of US education institution credentials for sale, the FBI warned. Some credentials are sold on publicly accessible forums.

"This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyberattacks against individual users or affiliated organizations," reads the FBI notification.

Such attacks can be devastating for universities, as the recent example of Lincoln College, a liberal-arts school, shows. A severe ransomware attack was one of the key reasons behind the institution's closure.

According to the FBI, credential harvesting is often a byproduct of spear-phishing, ransomware, or other types of attacks. Scammers target education institutions so they can reuse university emails in further attacks.

Emails that belong to universities give fraudsters the illusion of trustworthiness they need to fool victims into downloading malware from a phishing email.

The FBI claims that the exposure of usernames and passwords can lead to credential stuffing attacks as threat actors take advantage of users recycling the same credentials across multiple accounts.

"If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions […]," the FBI's notification reads.

This January, the Bureau spotted network credentials and virtual private network access for a multitude of identified US-based universities and colleges across the country. The prices for said credentials on Russian cybercriminal forums range from a few to several thousand dollars.

Favored by cybercriminals

The education sector is among the most targeted by ransomware cartels. A recent report by Sophos shows that only the IT and Finance sectors are targeted more often than education.

A staggering 44% of education institutions claim to have suffered from ransomware in 2021. Hackers succeeded in encrypting data for 58% of victims. More than a third of all victims agreed to pay the ransom.

While the average ransom payment stood at over $112 thousand, the total bill for dealing with the fallout of a cyber attack averaged $2.73 million, a hefty sum for any organization.

One reason why ransomware gangs target universities is that education institutions are often poorly protected against cyber threats.

Universities also have a steady stream of people enrolling every year, enriching databases with credentials and personal information. Hackers target the education sector to harvest that data and later sell it on the dark web.