Hackers Now Leveraging New Covid-19 Omicron Anxiety to Target US Universities

Mere days after threat actors ran a phishing campaign in the UK focused on the Omicron Covid-19 strain, spoofing the country's National Health Service, security researchers have now spotted a new malicious campaign, this time on US soil.

The new campaign is once again focused on the concerns that arose in relation to the newly discovered Omicron strain of Covid-19. Unlike the phishing messages used in the UK that were targeting the general population, this new campaign is targeting the students in several higher education schools and universities in the US.

Researchers with security firm Proofpoint reported on the campaign first. The campaign uses pages that spoof the legitimate pages and login portals of university websites, as well as Office 365 login pages. All the fake web pages have been doctored and tailored to look as close as possible to the legitimate pages of the universities in question: Vanderbilt, Central Missouri, as well as other educational institutions.

The general expectation is that this type of attack will ramp up in volume and affect more universities because, once the holiday season ends, everyone coming back to campus or classes will need to undergo testing.

The forms set up on the fake university or Office 365 portals would simply steal any credentials entered and sometimes even be kind enough to forward the victims to the real, legitimate pages that the campaign is spoofing.

The malicious emails used in the campaign feature subjects that employ basic but effective social engineering tricks. Phrases such as "Attention required" and "Covid test" appear in the subject strings, creating a false sense of urgency and need for immediate attention and action on the part of the victim.
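For mail administrators, the two traits described above (the quoted subject phrases and links to pages that imitate a login portal) can be combined into a simple triage check. The sketch below is an added example, not Proofpoint's detection logic; the hostnames, the trusted-host list and the sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Lure phrases quoted in the article's description of the subject lines.
SUBJECT_LURES = ("attention required", "covid test")
# Assumption: the sign-in hosts this institution really uses (placeholder values).
TRUSTED_LOGIN_HOSTS = {"sso.university.example", "login.microsoftonline.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def link_hosts(body):
    """Return the lower-cased hostname of every http(s) URL found in the body."""
    hosts = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def triage(raw_message):
    """Flag a single-part text message that pairs a lure subject with an untrusted link."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").lower()
    lures = [p for p in SUBJECT_LURES if p in subject]
    # Exact host comparison: a substring or prefix test would accept a
    # lookalike such as "sso.university.example.<other-domain>".
    untrusted = [h for h in link_hosts(msg.get_payload()) if h not in TRUSTED_LOGIN_HOSTS]
    return {"lures": lures, "untrusted_hosts": untrusted, "flag": bool(lures and untrusted)}

# Constructed sample messages (not taken from the real campaign).
SAMPLES = {
    "lookalike": "From: health@university.example\n"
                 "Subject: Attention required: Covid test information\n\n"
                 "Sign in at http://sso.university.example.portal-check.example/login today.\n",
    "legit": "From: health@university.example\n"
             "Subject: Covid test scheduling\n\n"
             "Book a slot at https://sso.university.example/testing\n",
    "unrelated": "From: library@university.example\n"
                 "Subject: Library hours\n\n"
                 "See https://news.example/hours for details.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

A flag from this check is a reason to quarantine and review a message, not proof of phishing; legitimate health notices will share the same subject words.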

In addition to stealing login credentials, the hackers behind this campaign went so far as to try and spoof multi-factor authentication services such as Duo, in the hope of intercepting and stealing authentication tokens.

This is the umpteenth time bad actors have tried to make illegal profits at the expense of people's fears and worries related to the ongoing pandemic. The only thing that can help prevent similar attacks from being wildly successful is extra caution and rigorous fact-checking of everything that ends up in your inbox. Sadly, with the burnout that a lot of people are starting to feel, brought on by the ongoing situation, this may prove increasingly difficult.