Russian Cyber Criminal Forums Buy and Sell US College VPN Credentials Like It's Nothing — Sellers Even Ask for Donations

Russia’s online marketplaces now expose the credentials of students from U.S. academic institutions.

Cybercrime is becoming more rampant as U.S. college VPN credentials are now for sale in Russia's online forums.

In a report issued today, the FBI is notifying U.S. colleges and universities of the persistent threat to students whose VPN credentials are exposed.

Cyber actors continue to attack educational institutions in the United States, which often results in the disclosure of user information on public and cybercriminal forums.

Russia's Cybercrime Breach in US Colleges

Having their personal information sold and exposed illegally in public forums could pose huge risks for everyone affiliated with these academic institutions. The disclosure of sensitive credentials and network access information could eventually result in numerous hacks and breaches affecting students or anyone affiliated with the organization.

The prices listed on websites that offered user credentials for sale ranged from a few hundred to multiple thousands of U.S. dollars.

Threat actors use a variety of tactics, such as ransomware and phishing campaigns.

In 2017, according to Ars Technica, threat actors launched an attack targeting universities to hack .edu accounts by cloning university login pages and embedding a credential harvester link in phishing emails. After credentials were successfully harvested, an automated email containing the stolen information was sent to the cybercriminals from their servers.

According to security researchers, as of December 2021, such strategies have continued to be successful and have even intensified with the use of COVID-themed phishing attacks to steal university login credentials.

This recent exposure of U.S. college students' personal information and credentials is a current example of the continuous breach by Russia's malicious actors.

This exposure may lead to serious trouble for people who do not know that Russian hackers have exposed their credentials. It may lead to hackers draining a user's bank account, reselling their credit card number, and carrying out other malicious activities.

FBI's Recommendation

After finding out about the illegal activities in these criminal marketplaces, the FBI has also issued recommendations for both institutions and individuals to protect themselves from being compromised.

The FBI suggests that all academic institutions, including colleges, universities, and other academic organizations, establish and continue to maintain strong liaison relationships with the FBI Field Office in their respective regions.

The agency also encourages institutions to establish lockout rules for incorrect password attempts and to mandate that secure, one-of-a-kind passwords be used for all accounts that require password logins. It highly recommends that individuals avoid using the same password for multiple accounts or storing it anywhere on the system where an attacker could potentially access it.

Furthermore, the FBI also encourages multi-factor authentication (MFA), preferably using authenticators that are resistant to phishing. This is especially important for accounts that manage backups, webmail, VPNs, and critical system access.

Lastly, users can lessen the risk of credential compromise and strengthen their protection by limiting the locations in which accounts and credentials can be used and by using the credential-protection features available on local devices.

 


© 2024 iTech Post All rights reserved. Do not reproduce without permission.
