The FBI released a Private Industry Notification informing US colleges and universities that their login credentials are publicly available for sale on criminal marketplaces and online forums. The notification cites an evolution of attacks against universities starting in 2017. Criminals cloned university home pages and used them in phishing campaigns for credential harvesting. Instead of using the credentials themselves, the criminals put them up for sale on the web. The FBI says criminals use the bought credentials to create new phishing campaigns with a trusted email address, log into other online services if the password is recycled, and leverage the accounts for credit card numbers or other personally identifiable information.
Colleges and universities are a desirable target because they combine personally identifiable information, financial information, and cutting-edge research data, all of which attackers can exploit. Cyberattacks on colleges and universities increased during the pandemic and are still going strong, as the sector remains a popular victim among criminals. The average higher education ransomware payout is $112,000, but the actual cost to recover data and get students and employees working again after an incident is $2.7 million.
The cost is so high that it put one 157-year-old college out of business this year. Lincoln College in Illinois was already facing enrollment issues from the pandemic, but a ransomware attack in December pushed it over the edge. The attackers blocked access to data, which stopped the college’s ability to recruit, fundraise, and register students for classes. Even though the college paid the ransom, the total cost of recovery was too much for it to stay open.
The FBI notification urges higher education institutions to “…establish and maintain strong liaison relationships with the FBI Field Office in their region. Through these partnerships, the FBI can assist with identifying vulnerabilities to academia and mitigating potential threat activity.”