- ITDM 2025 전망 | “비전을 품은 기술 투자, 모두가 주춤한 시기에 진가 발휘할 것” 컬리 박성철 본부장
- 최형광 칼럼 | 2025 CES @혁신기술 리터러시
- The Model Context Protocol: Simplifying Building AI apps with Anthropic Claude Desktop and Docker | Docker
- This robot vacuum and mop performs as well as some flagship models - but at half the price
- Finally, a ThinkPad model that checks all the boxes for me as a working professional
Omicron Scam Targets Universities
Dozens of universities are being hit with a coordinated cyber-attack that uses news of the Omicron variant as a lure to steal login credentials.
Evidence of the malicious phishing campaigns was dredged up from the murky depths of the cyber-criminal underworld by researchers at the cybersecurity firm Proofpoint.
The universities targeted are mostly based in North America and include the University of Central Missouri in Warrensburg, Missouri, and Vanderbilt University, a private research university in Nashville, Tennessee.
Researchers found the phishing emails to be typically themed around testing information and the latest in the line of COVID-19 variants to be discovered. One email subject line used by the attackers was “Attention Required – Information Regarding COVID-19 Omicron Variant – November 29.”
“Proofpoint observed COVID-19 themes impacting education institutions throughout the pandemic, but consistent, targeted credential theft campaigns using such lures targeting universities began in October 2021,” noted researchers.
“Following the announcement of the new Omicron variant in late November, the threat actors began leveraging the new variant in credential theft campaigns.”
Inside the phishing emails are attachments or URLs for pages created to harvest credentials for university accounts. While some campaigns feature generic Office 365 login portals, others include landing pages designed to mimic the official login portal of the targeted university.
To make their malicious emails harder to detect, threat actors behind the campaigns sometimes direct victims to a legitimate university communication after harvesting the credentials.
Campaigns that rely on malicious attachments have leveraged legitimate but compromised WordPress websites to host credential-gathering web pages, including hfbcbiblestudy[.]org/demo1/includes/jah/[university]/auth[.]php and traveloaid[.]com/css/js/[university]/auth[.]php.
In some campaigns, threat actors spoofed multi-factor authentication (MFA) providers such as Duo to steal MFA credentials.
“Stealing MFA tokens enables the attacker to bypass the second layer of security designed to keep out threat actors who already know a victim’s username and password,” wrote researchers.
Recipients of the malicious emails may not be able to tell they are being targeted by cyber-criminals simply by looking at the sender’s address.
Researchers wrote: “While many messages are sent via spoofed senders, Proofpoint has observed threat actors leveraging legitimate, compromised university accounts to send COVID-19 themed threats.”