A new phishing attack, discovered by Proofpoint, is using the Omicron variant of COVID-19 to steal students’ credentials and gain access to accounts. The threat-actors targeting US universities are leveraging the concern around the new virus strain to trick students into opening attachments that lead students to spoofed university login portals. This isn’t an entirely new tactic, as attackers have been using the virus as an attack vector since the pandemic began.
Threat-actors are using subjects lines such as “Attention required – Information Regarding COVID-19 Omicron Variant – November 29” or “COVID test” to lure their victims into opening attachments and entering their login credentials. The researchers explained that, “in some campaigns, threat actors attempted to steal multifactor authentication (MFA) credentials, spoofing MFA providers such as Duo. Stealing MFA tokens enables the attacker to bypass the second layer of security designed to keep out threat actors who already know a victim’s username and password.”
The attackers’ end goal is still unknown, however legitimate login credentials grant them with access to an organisation’s network and infrastructure, leading to larger, more harmful attacks.