Cybercriminals use Omicron as a lure to steal university credentials
University students are being targeted in a series of new credential phishing campaigns that leverages Covid-19 and now the new Omicron variant as lures.
Throughout the pandemic, the cybersecurity firm Proofpoint has observed Covid-19 being used as a lure in phishing emails. However, beginning in October, it identified email-based threats specifically targeting university students in an attempt to steal their credentials.
The Covid-19 themed campaigns that employ Omicron variant lures include thousands of messages targeting students at dozens of universities across North America.
The phishing emails used in these campaigns contain either malicious attachments or URLs to pages intended to harvest credentials for university accounts. These fake landing pages typically imitate a university’s official login portal though Proofpoint has observed some campaigns that feature generic Office 365 login portals.
Targeting university students
According to a new blog post, Proofpoint has identified multiple threat clusters using Covid-19 themes to target universities using different tactics, techniques and procedures in addition to multiple delivery messages.
In some of these campaigns, the threat actors behind them attempted to steal multifactor authentication (MFA) credentials by spoofing MFA providers such as Duo. By stealing MFA tokens, an attacker can bypass the second layer of security designed to keep out threat actors who already have access to a victim’s credentials.
Although many of the messages used in these campaigns are sent via spoofed senders, Proofpoint has also observed threat actors leveraging legitimate, compromised university accounts to send Covid-19 themed threats. It’s likely the case that attackers are stealing credentials from universities and using compromised mailboxes to send the same threats to other universities.
Unfortunately, as colleges and universities provide and require testing for students, faculty and other workers traveling to and from campus during and after the holiday season, these campaigns will likely increase over the next two months.
To prevent falling victim to these or any other email-based threats, university students should carefully check the email addresses of the messages they receive, avoid clicking on any links in suspicious emails and not log into their school’s online portal after clicking on links in emails that appear to have originated from their university or college.
Go to Source