The Iranian hacker group dubbed Colbalt Dickens has hit over 60 universities around the globe attempting to steal credentials to provide access to sensitive data.
We’ve seen attacks this before, where universities doing research are the target of hacking groups and nation-states. This latest string of phishing attacks, according to security researchers at SecureWorks, is squarely focused on attempting to fool university users into providing credentials:
Users are redirected to a spoofed logon page. Once a user gives up their credentials, they are passed to a valid university website.
Universities in 14 countries have been hit by this campaign, likely indicating that at least the phishing and credential collection portion of the attack is working.
According to SecureWorks, there is no signs that this attack is stopping anytime soon. So, universities should take immediate measures to better secure access to university resources by students and faculty. The implementation of multi-factor authentication for all users of the university network is a prudent step to protect against such attacks. Also important is the use of Security Awareness Training for university employees to help them understand their role in maintaining security, how attacks can occur, how to spot one, and what not to do should they come face-to-face with a spoofed phishing attack like the one above.