http://www.digitaljournal.com/tech-and-science/technology/cobalt-dickens-attacks-on-rise-and-aimed-at-universities/article/557856

Cobalt Dickens attacks on rise and aimed at universities

Posted Sep 14, 2019 by Tim Sandle
A new Cobalt Dickens phishing campaign has been targeting universities. To understand the implications behind this, security expert Peter Goldstein, CTO and co-founder of Valimail provides some analysis.
A man looking for a network on his laptop.
Jacob Bøtter (CC BY 2.0)
A massive new phishing campaign has been discovered targeting dozens of universities across the globe, including almost 80 in the U.S. Victims are redirected to spoofed login pages, where their passwords are stolen.
Several of the spoofed domains reference the targeted universities' online library systems, showing the threat actors' intent to gain access to academic resources and data. Universities are a high-profile target for government-backed hackers interested in proprietary research.
The Cobalt Dickens campaign uses some of the same infrastructure that Iranian hackers allegedly used against the U.S. in March 2018. According to CyberScoop, the hack has a strong link to Tehran.
Commenting on the phishing attacks, Peter Goldstein, CTO and co-founder of Valimail, says: “The latest phishing attacks by the Cobalt Dickens hacking group highlight that a convincing phishing email executed from anywhere in the world can be an extremely effective and detrimental attack vector.”
In terms of how universities are being targeted, Goldstein explains that: “By impersonating online library services and directing users to a seemingly legitimate URL requesting login details, Iranian hackers are attempting to steal academic research and other valuable data from universities around the world.”
As to what preventative measures can be taken, Goldstein recommends: “To stop attacks like this, the first essential step is to prevent malicious emails from ever entering inboxes of university employees and students. Most email defenses will focus on the content of the messages and the links they contain, but it’s also critical to confirm the identity of the sender.”
As to the specific attacks on academia, he adds: “In this case, the attack could have been stopped by flagging the sender as untrusted — not the real “library services” but an impersonator.”
Goldstein explains that “properly enforcing Domain-based Message Authentication, Reporting and Conformance (DMARC) and implementing advanced anti-phishing solutions that validate senders’ identities can add a crucial defensive layer to keep these attacks at bay.”
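
To illustrate what "enforcing" DMARC means in practice, the following is an added example, not code from the article or from Valimail. It parses a DMARC record, checks whether the policy is at enforcement, and evaluates a message whose From address uses the university's own domain. The domain names, records and function names are constructed for illustration, and the organizational-domain check is a simplification.

```python
# Added example: DMARC record parsing and identifier alignment (RFC 7489).
# Every domain and record here is a constructed sample value.
ENFORCED = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@university.example"
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@university.example"

def parse_dmarc(txt):
    """Split a DMARC TXT record into a dict keyed by lowercase tag."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def is_enforced(tags):
    """True only if failing mail is quarantined or rejected for 100% of messages."""
    policy = tags.get("p", "none").lower()
    return policy in ("quarantine", "reject") and int(tags.get("pct", "100")) == 100

def org_domain(domain):
    # Simplification (assumption): last two labels. Real code needs the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' is strict (exact match); 'r' is relaxed (same organizational domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(tags, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from the receiving server."""
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none").lower()  # the domain owner's requested handling

if __name__ == "__main__":
    # Impersonation: From uses the university domain, SPF passes only for another domain.
    spoof = ("university.example", ("pass", "bulk-sender.example"), ("none", ""))
    for name, record in (("enforced", ENFORCED), ("monitor-only", MONITOR)):
        tags = parse_dmarc(record)
        print(name, is_enforced(tags), dmarc_disposition(tags, *spoof))
```

With the monitor-only record the same impersonating message yields "none", meaning the receiver is asked to take no action, which is why a published DMARC record alone does not stop spoofed mail.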