Hackers using omicron, COVID-19 phishing emails to target universities

Threat actors are increasingly using phishing emails related to the COVID-19 pandemic and the new omicron variant to target universities and steal login credentials, new research published Tuesday found.

According to a report from cybersecurity group Proofpoint, hackers have targeted dozens of mostly North American educational institutions, including Vanderbilt University and the University of Central Missouri, with thousands of malicious phishing emails in an attempt to harvest university credentials. 

“Proofpoint observed COVID-19 themes impacting education institutions throughout the pandemic, but consistent, targeted credential theft campaigns using such lures targeting universities began in October 2021,” the report reads. “Following the announcement of the new Omicron variant in late November, the threat actors began leveraging the new variant in credential theft campaigns.”

The emails often imitate the targeted university’s login page, tricking victims into logging into their accounts by sending emails pretending to have university information on the ongoing pandemic. 

In some cases, the threat actors have used legitimate compromised university websites in the phishing emails, with the report noting that “it is likely the threat actors are stealing credentials from universities and using compromised mailboxes to send the same threats to other universities.”

Proofpoint is not able to attribute the activity to any specific group, and was not certain what the motivation behind the attacks was. 

The threat activity is likely to get worse following the holiday season, the report warned, with students traveling and exposed to the threat of COVID-19 and the omicron variant spreading giving a greater opening to the hackers. 

“We expect more threat actors will adopt COVID-19 themes given the introduction of the Omicron variant,” the report reads. 

The COVID-19 pandemic has been exploited from the beginning by hackers as a way to target Americans and others around the world, with email phishing campaigns often seizing on major news targets. 

Universities and K-12 organizations have also become key targets, as classes have moved online due to the pandemic and hackers have been more easily able to disrupt learning and hold educational institutions to ransom, with the University of California system and Howard University among those impacted by ransomware attacks in the past year.