Roundup: University Credentials on the Dark Web and More

Jun 3, 2022

Cyberthreats to universities and other educational institutions have been making headlines lately. This week, The Register covered a recent FBI alert on stolen university credentials being sold on the dark web. The credentials are being used against individuals or the institution itself in subsequent cyberattacks – the likes of which have caused at least one university to close completely.

Horizon3.ai’s own Brad Hong, Customer Success Lead, was quoted in The Register’s story:

“The education sector continues to make for attractive targets, as it’s very rare that a university focuses on its cybersecurity stack as its No. 1 priority,” Hong told The Register. “As the majority of colleges in the US, especially ones who are not focused on protecting the intellectual property of their research institutes, have neither the staff nor the budget to implement next-generation cyber tools to combat next generation cyberattacks, the effort to payoff is several tiers lower than any other industry as a whole.”

Hong mentions in the article a recent report sponsored by Sophos, The State of Ransomware in Education 2021, which looks at the prevalence of ransomware in the education sector, its cost, and the ability of the industry to fight back or recover from cyberattacks.

‘The coolest attack path I’ve seen NodeZero execute’

Horizon3.ai CEO and co-founder Snehal Antani shared what he calls “hands-down the coolest attack path I’ve seen NodeZero execute.”

In the attack path, NodeZero starts as an unauthenticated user on a single host. It conducts recon and maps the network, discovers a host that is vulnerable to an HP iLO CVE, exploits HP iLO and dumps credentials from Machine 1, and then reuses those credentials to log in to Machine 2. From there, NodeZero discovers AWS credentials on the C drive of Machine 2, pilfers them, and logs in to AWS as an admin.

“NodeZero now has the keys to their cloud kingdom,” says Antani.

Why was this cool? Because it’s a real finding among 2,000 hosts at the customer, and no humans were involved – it wasn’t hard-coded or developed ahead of time. It all happened in under two hours alongside other critical findings.

Follow Antani on LinkedIn for more like this.

Horizon3 appears on Security Guy TV  

Next week, the crew at Horizon3.ai will be at RSA Conference in San Francisco. Ahead of the show, Antani sat down with Chuck Harold at Security Guy TV to talk about autonomous pentesting: integrating a find-fix-verify loop.

Heading to the show? We’d love to see you! Check out where we’ll be next week.
