New research shows that cybercriminals are using the COVID-19 Omicron variant to target universities and are attempting to steal university login credentials.
Proofpoint explained in its new research report that hackers have used COVID-19 themes to attack higher education institutions throughout the pandemic. Following the announcement of the new Omicron variant in late November, the threat actors began leveraging the new variant in credential theft campaigns. In a press release, Proofpoint said that the threats specifically targeting universities are interesting due to the specificity in targeting and effort to mimic legitimate login portals.
“It is likely this activity will increase in the next two months as colleges and universities provide and require testing for students, faculty, and other workers traveling to and from campus during and after the holiday season, and as the Omicron variant emerges more widely,” Proofpoint said. “We expect more threat actors will adopt COVID-19 themes given the introduction of the Omicron variant.”
The COVID-19-themed campaigns, including those using Omicron variant lures, comprise thousands of messages targeting dozens of universities in North America. The phishing emails contain attachments or URLs for pages intended to harvest credentials for university accounts, Proofpoint said.
According to the research, the landing pages typically imitate the university’s official login portal, although some campaigns feature generic login portals. In some cases, such as the Omicron variant lures, victims are redirected to a legitimate university communication after credentials are harvested. Proofpoint also noted that in some campaigns, threat actors attempted to steal multifactor authentication (MFA) credentials by spoofing MFA providers. Proofpoint observed this threat actor pivot from Delta variant-themed email lures to Omicron themes following the announcement of the new variant.