Cyberattacks have been a growing problem at colleges and universities, which house sensitive data and may not always prioritize implementing the latest cybersecurity improvements. In recent years, colleges that have fallen victim to cyberattacks have paid hundreds of thousands of dollars to regain access to hijacked servers or have had to cancel classes for days as they attempted to bring operations back online. Some have even faced lawsuits over data breaches.
The FBI said in a May 26 notification that it has discovered several incidents where stolen higher education credentials were advertised. In January, Russian cybercriminal forums listed network credentials to U.S. colleges for sale and even uploaded screenshots for some as proof of access. The credentials were listed for up to several thousand dollars, according to the FBI.
Similarly, in May 2021, the FBI discovered that more than 36,000 email and password combinations for accounts ending in .edu were available on a public instant messaging platform. And in late 2020, a seller on the dark web listed about 2,000 unique usernames and passwords for higher education accounts.
If attackers purchase the login information and successfully breach user accounts, they may try to drain them of stored value, sell credit card numbers, sell personal information or engage in fraudulent transactions.
The FBI recommends that colleges take several measures to ward off such attacks. One of the most efficient is regularly checking for software updates and prioritizing installation of patches to address known vulnerabilities. Colleges can also implement training programs to help students and employees understand the risks of clicking on suspicious links or email attachments. And institutions should require multifactor authentication, especially for accounts that access critical systems or email.
In addition, the agency called out the importance of network segmentation, a security effort that divides a computer network into smaller parts. This helps prevent ransomware attacks that can easily bring an entire network down.
Meanwhile, cyberattacks against colleges have continued in recent months.
Attacks against at least two colleges disrupted the final days of their spring terms. At one, Kellogg Community College in Michigan, an attack forced the institution to close all five of its campuses and cancel classes. At another, Austin Peay State University in Tennessee, administrators canceled a day of final exams due to a cyber incident.
Get the free daily newsletter read by industry experts
This Trendline examines how colleges are adapting their mental healthcare to pandemic-era constraints.
Competitive pay and work schedules are important to attracting and retaining employees, according to a new ACE report. But so is valuing employees' time.
Subscribe to Higher Ed Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
This Trendline examines how colleges are adapting their mental healthcare to pandemic-era constraints.
Competitive pay and work schedules are important to attracting and retaining employees, according to a new ACE report. But so is valuing employees' time.
The free newsletter covering the top industry headlines
