Security News > 2022 > May > FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks
The gathered credentials are then exfiltrated and sold on Russian cybercrime forums for prices ranging from a few to thousands of U.S. dollars.
Armed with this login information, the agency pointed out, adversaries can proceed to conduct brute-force credential stuffing attacks to break into victim accounts spanning different accounts, internet sites, and services.
"If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit for other criminal activity against the account holder, or use for subsequent attacks against affiliated organizations," the FBI cautioned.
In May 2021, the agency said it found more than 36,000 email and password combinations for email accounts ending in ".
Edu" domain publicly available on an instant messaging platform shared by a group that specialized in the trafficking of stolen login credentials.
To mitigate such threats, academic entities are urged to keep operating systems and software up to date, raise awareness about phishing, secure accounts with two-factor authentication, monitor remote access, and implement network segmentation to prevent the spread of malware.
News URL
https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html
Related news
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Hackers steal 15,000 cloud credentials from exposed Git config files (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (source)