Global Phishing Campaign Targets Universities

colbaltdickens02Researchers at Secureworks’ Counter Threat Unit (CTU) have been tracking a major phishing campaign that’s using library-themed emails to target more than sixty universities around the world. Secureworks attributes the campaign to “Cobalt Dickens,” a threat group associated with the Iranian government.
Last year, the US Justice Department indicted nine members of this group for hacking more than three hundred universities across twenty-two countries. The researchers note that neither the indictment nor the publicity appears to have fazed the group, and Cobalt Dickens has since expanded its operations.
“As of this publication, CTU researchers observed COBALT DICKENS targeting at least 380 universities in over 30 countries,” they write. “Many universities have been targeted multiple times. The threat actors have not changed their operations despite law enforcement activity, multiple public disclosures, and takedown activity.” 
Cobalt Dickens’ current operation is using phishing emails informing recipients that they need to log in to their university account to access a library resource. The emails contain links to phishing pages that convincingly imitate the particular university’s login page. Once a victim has entered their credentials, the site will redirect them to the school’s real login page, so the victim may not even realize they’ve been phished.

Most people assume they aren’t important enough to be targeted by state-sponsored hackers, but universities, companies, and of all types and sizes can be targeted by advanced attacks. Universities offer access to valuable intellectual property, financial information, and personal data that can be used in further attacks.

Secureworks recommends that all universities implement multi-factor authentication to combat these threats, stating that the risk of using passwords alone outweighs the inconvenience of an extra step for security. New-school security awareness training can help people realize the importance of using multi-factor authentication, as well as teaching them how to recognize phishing attacks.

Secureworks has the story:

How many emails in your organization are exposed?

KnowBe4's Email Exposure Check Pro identifies the at-risk users in your organization by crawling business social media information and scouring hundreds of breach databases, many of them in the Dark Web. This is done in two stages: 

eecFirst Stage: Deep web searches find any publicly available organizational data so you can see what your organizational structure looks like to an attacker.

Second Stage: Finds any users that have had their account information exposed in any of several hundred breaches, using Have I Been Pwned. 

Your EEC Pro Reports: We will email you back a summary report PDF of the number of exposed emails, identities and risk levels found. You will also get a link to the full detailed report of actual users found, including breach name and if a password was exposed. 

Get your report now, it will only take a few minutes and is often an eye-opening discovery!

Get Your Free Report

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Domain Spoof Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews