Global Phishing Campaign Targets Universities

Researchers at Secureworks’ Counter Threat Unit (CTU) have been tracking a major phishing campaign that’s using library-themed emails to target more than sixty universities around the world. Secureworks attributes the campaign to “Cobalt Dickens,” a threat group associated with the Iranian government.

Last year, the US Justice Department indicted nine members of this group for hacking more than three hundred universities across twenty-two countries. The researchers note that neither the indictment nor the publicity appears to have fazed the group, and Cobalt Dickens has since expanded its operations.

“As of this publication, CTU researchers observed COBALT DICKENS targeting at least 380 universities in over 30 countries,” they write. “Many universities have been targeted multiple times. The threat actors have not changed their operations despite law enforcement activity, multiple public disclosures, and takedown activity.”

Cobalt Dickens’ current operation is using phishing emails informing recipients that they need to log in to their university account to access a library resource. The emails contain links to phishing pages that convincingly imitate the particular university’s login page. Once a victim has entered their credentials, the site will redirect them to the school’s real login page, so the victim may not even realize they’ve been phished.

Most people assume they aren’t important enough to be targeted by state-sponsored hackers, but universities, companies, and of all types and sizes can be targeted by advanced attacks. Universities offer access to valuable intellectual property, financial information, and personal data that can be used in further attacks.

Secureworks recommends that all universities implement multi-factor authentication to combat these threats, stating that the risk of using passwords alone outweighs the inconvenience of an extra step for security. New-school security awareness training can help people realize the importance of using multi-factor authentication, as well as teaching them how to recognize phishing attacks.

Secureworks has the story: https://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again

Find out which of your users' emails are exposed before bad actors do.

Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4's Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

Here's how it works: