US Academic Credentials Displayed in Public and Dark Web Forums
The cyber division of the Federal Bureau of Investigation (FBI) has published a new Private Industry Notification, warning US colleges and universities that higher education credentials have been advertised for sale on online criminal marketplaces and publicly accessible sites.
According to the FBI data, as of January 2022, Russian cyber-criminal forums offered access to credentials from several US-based universities and colleges across the country, with prices ranging from a few to multiple thousands of US dollars.
The same document suggested that in May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were found on a publicly available instant messaging platform.
The Private Industry Notification also highlighted that the exposure of such sensitive credential and network access information could lead to cyber-attacks against individual users or affiliated organizations, particularly in the case of privileged user accounts.
“If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit for other criminal activity against the account holder or use for subsequent attacks against affiliated organizations,” read the document.
Further describing the threat, the FBI paper explained that credential harvesting against organizations is often caused by spear-phishing, ransomware or other cyber intrusion tactics.
To mitigate these threats, the document called for colleges, universities and all academic entities to establish and maintain strong relationships with the FBI Field Office in their region.
Moreover, the Bureau issued a number of additional recommendations, including keeping all systems and software up to date, implementing user training programs and phishing exercises for students and faculty members, and implementing strong password hygiene measures.
A full list of the recommendations is available in the Private Industry Notification’s original text.
The publication of the document is indicative of a wider issue related to data breaches in US universities, particularly during the pandemic.