Universities Worldwide are the Target of Phishing Attacks by a Hacking Group Aimed at Stealing Research and Intellectual Property



The Iranian hacker group dubbed Colbalt Dickens has hit over 60 universities around the globe attempting to steal credentials to provide access to sensitive data.

We’ve seen attacks this before, where universities doing research are the target of hacking groups and nation-states. This latest string of phishing attacks, according to security researchers at SecureWorks, is squarely focused on attempting to fool university users into providing credentials:

colbaltdickens01

Users are redirected to a spoofed logon page. Once a user gives up their credentials, they are passed to a valid university website.

Universities in 14 countries have been hit by this campaign, likely indicating that at least the phishing and credential collection portion of the attack is working.

According to SecureWorks, there is no signs that this attack is stopping anytime soon. So, universities should take immediate measures to better secure access to university resources by students and faculty. The implementation of multi-factor authentication for all users of the university network is a prudent step to protect against such attacks. Also important is the use of Security Awareness Training for university employees to help them understand their role in maintaining security, how attacks can occur, how to spot one, and what not to do should they come face-to-face with a spoofed phishing attack like the one above.


Request Your Security Awareness Training Quote

products-KB4SAT6-2Old-school awareness training does not hack it anymore. Your email filters have a ~10% failure rate; you need a strong human firewall as your last line of defense. KnowBe4 is your platform for new-school security awareness training. We help you keep your users on their toes with security top of mind. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will. Find out how affordable this is for your organization and be pleasantly surprised.

Get A Quote Now

Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat_get_a_quote_now

Subscribe To Our Blog


Traditional Security Webinar Kevin Mitnick




Get the latest about social engineering

Subscribe to CyberheistNews