The FBI Gives This Recommendation To Protect Data From Hackers Who Steal User Credentials
JAKARTA - The FBI has just discovered cybercriminals who continue to carry out attacks on US colleges and universities that lead to the disclosure of user information in public forums and cybercriminals.
Earlier this year, network credentials and virtual private network access to several US universities were offered for sale on a Russian cybercrime forum. The prices listed also vary from up to thousands of US dollars.
In 2020, 2,000 University credentials listed in the US are for sale on the Dark Web and the public web.
The FBI therefore recommends that colleges, universities, and all academic entities establish and maintain strong liaison relationships with the FBI Field Offices in their areas.
Through this partnership, the FBI can help identify vulnerabilities to academics and reduce potential threat activity.
The FBI further recommends that academic entities review and, if necessary, update an incident response and communication plan that outlines the actions the organization will take if affected by a cyber incident.
In addition, consider the following mitigation strategies to reduce the risk of compromise:
Keep all operating systems and software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. Check for software updates and end-of-life notices (EOL) regularly, and prioritize patching vulnerabilities that are known to be exploited. Automated security scanning and testing software where possible. Implement user training programs and phishing drills for students and faculty to raise awareness about the risks of visiting suspicious websites, clicking suspicious links, and opening suspicious attachments. Requires strong and unique passwords for all accounts with password logins. Avoid reusing passwords across multiple accounts or stored in a system where attackers can gain access. Requires multi-factor authentication (MFA), we recommend using a resistant phishing authenticator, for as many services as possible, especially for accounts accessing critical systems, webmail, virtual private networks (VPNs), and privileged accounts managing backups. Reduce credential exposure and implement credential protection by limiting where accounts and credentials can be used and by using local device credential protection features. Segment the network to help prevent unauthorized access by malicious actors or the spread of malware. Identify, detect, and investigate abnormal activity with network monitoring tools that log and report all network traffic, including lateral movement on the network. Use an anomaly detection tool that identifies unusual increases in traffic and failed authentication attempts. Enforce the principle of least privilege through authorization policies. Account privileges must be clearly defined, narrow in scope, and audited regularly for usage patterns. Secure and monitor remote desktop protocol usage. Document the external remote connection. Organizations must document approved solutions for remote management and maintenance, and investigate promptly whether unapproved solutions are installed on workstations.