Hackers Using Fear Over COVID-19 Omicron Strain to Attack US Universities

submitted by AlexJones3 from self.technology

According to research by Proofpoint, a new phishing attack is taking place where attackers are leveraging fear over the spread of the new COVID-19 strain, Omicron, to steal login credentials of accounts at several North American universities. Proofpoint researchers said that the phishing attacks began in October, but they witnessed a sharp increase in November. The emails sent by attackers contain general information about the new COVID-19 variant Omicron and information about testing. Cybercriminals have been using the concern about COVID-19 luring targets with phishing scams since January 2020. Phishing Campain Details In this COVID-19 theme campaign, attackers have targeted various North American universities. The students and faculty receive a phishing email that contains URLs and attachments that harvest login credentials when clicked upon. The landing pages imitate the university’s login portal. In most cases, attackers redirect users to a legitimate university portal page, after which the credentials are harvested.

Such emails are usually subjected as: Attention Required – Information Regarding COVID-19 Omicron Variant The email also contains a link to the university login page Some students have also received emails with COVID-19 test attachments as well. The attachment leads to the university login page, where the credentials are stolen. According to Proofpoint, threat clusters use different methods to distribute these campaigns. In this Omicron COVID-19 variant campaign, attackers are using actor-controlled infrastructure to host fake credential theft university websites using similar domain names. These include:

sso[.]ucmo[.]edu[.]boring[.]cf/Covid19/authenticationedpoint.html sso2[.]astate[.]edu[.]boring[.]cf/login/authenticationedpoint.html Similarly, attachment-based Omicron campaigns use compromised WordPress sites to capture credentials. These include:

hfbcbiblestudy[.]org/demo1/includes/jah/[university]/auth[.]PHP afr-tours[.]co[.]za/includes/css/js/edu/web/etc/login[.]PHP traveloaid[.]com/css/js/[university]/auth[.]php In some campaigns, attackers have also attempted to steal multi-factor authentication passwords, pretending to be Duo. Stealing MFA codes would enable the attackers to bypass the second layer of security.

all 2 comments
sorted by:
top
newinsightfulfun

[–]hennaojichan 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Isn't the whole Covaids thing about FEAR? Of course it is. Why don't we all use the holidays to consider tha whole media bubble for what it is. Did I see this on saidit or somewhere else. Anyway I didn't create it—Delta Omicron is an anagram of Media Control. Big Harma and a few psychopaths are controlling our media and us. There is no pandemic. Let's stop this nonsense before the first people outside New Zealand are sent to internment camps for protesting and refusing to get vaxxed. There are no statistics to even come close to supporting the term pandemic.

[–]chadwickofwv 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

If the University really fears covid that much, then they deserve whatever they get. They are too stupid to exist, and the University's existence should be fixed.