Cybercriminals were likely able to gain access to the login information through a practice known as credential harvesting, the FBI said, which is often done through “spear-phishing, ransomware or other cyber intrusion tactics.” Those credentials could then be used en masse through “brute-force credential stuffing,” where attackers attempt to use the credentials on a number of sites.
In its advisory, the FBI recommends higher education institutions “establish and maintain” relationships with local FBI offices. The agency also made several recommendations around good cyber hygiene, including keeping operating systems and software up to date, training students and faculty on best practices, requiring multifactor authentication, and using “anomaly detection tools” to spot irregularities on networks.
As ransomware attacks on colleges and universities have swelled, experts continue to recommend a broad-based approach to cybersecurity, including endpoint protection and zero-trust architecture.
