SUBSCRIBE
SUBSCRIBE
EXPLORE +
  • About infoDOCKET
  • Academic Libraries on LJ
  • Research on LJ
  • News on LJ
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Libraries
    • Academic Libraries
    • Government Libraries
    • National Libraries
    • Public Libraries
  • Companies (Publishers/Vendors)
    • EBSCO
    • Elsevier
    • Ex Libris
    • Frontiers
    • Gale
    • PLOS
    • Scholastic
  • New Resources
    • Dashboards
    • Data Files
    • Digital Collections
    • Digital Preservation
    • Interactive Tools
    • Maps
    • Other
    • Podcasts
    • Productivity
  • New Research
    • Conference Presentations
    • Journal Articles
    • Lecture
    • New Issue
    • Reports
  • Topics
    • Archives & Special Collections
    • Associations & Organizations
    • Awards
    • Funding
    • Interviews
    • Jobs
    • Management & Leadership
    • News
    • Patrons & Users
    • Preservation
    • Profiles
    • Publishing
    • Roundup
    • Scholarly Communications
      • Open Access

September 13, 2019 by Gary Price

Report: “Library-Themed University Phishing Attack Expands to Massive Scale”

September 13, 2019 by Gary Price

From ThreatPost:

Indicating a campaign of massive scale, at least 20 new phishing domains targeting more than 60 universities in Australia, Canada, Hong Kong, Switzerland, the United Kingdom and the United States have cropped up, bent on lifting credentials from students heading back to school.

The domains are associated with a group of Iranian cyberattackers collectively known as Cobalt Dickens or Silent Librarian. As Threatpost recently reported in a post on the group’s attack tactics, the attackers are looking to use fake, library-themed landing pages to steal students’ credentials, then use those to steal and resell intellectual property, move laterally within organizations, conduct internal phishing and more.

[Clip]

“Metadata in a spoofed login page created on August 1 suggests that Cobalt Dickens sometimes uses older copied versions of target websites,” said CTU researchers, in a posting on Wednesday. “A comment left in the source code indicates it was originally copied on May 1, 2017. However, the university was targeted by numerous Cobalt Dickens operations, including the August 2018 and August 2019 campaigns.”

Read the Complete Article

Source: Secureworks

More From SecureWorks/CTU Posted Cited Above:

For this campaign, the threat actors registered at least 20 new domains targeting over 60 universities in Australia, the United States, the United Kingdom, Canada, Hong Kong, and Switzerland. These domains were registered using the Freenom domain provider, which administers the following free top-level domains (TLDs) unless the domain is considered “special“:

  • .ml
  • .ga
  • .cf
  • .gq
  • .tk

Many of these domains use valid SSL certificates, likely to make the spoofed pages appear authentic. The overwhelming majority of the certificates observed in 2019 were issued by Let’s Encrypt, a nonprofit organization that programmatically issues free certificates. However, past campaigns used certificates issued by the Comodo certificate authority.

Read the Complete Article

More From Dark Reading: “Indictments Do Little to Stop Iranian Group from New Attacks on Universities”

Filed under: Associations and Organizations, Libraries, News

SHARE:

About Gary Price

Gary Price (gprice@gmail.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com.

ADVERTISEMENT

Archives

Job Zone

ADVERTISEMENT

Related Infodocket Posts

Andrea Jackson Gavin Appointed Inaugural Program Director of the HBCU Digital Library Trust

Below is the Full Text of the Announcement Letter (via the Harvard Library): We are delighted to announce the appointment of Andrea Jackson Gavin as the inaugural Program Director of the ...

U.S. Census Releases 2020 Data for Nearly 1,500 Detailed Race and Ethnicity Groups, Tribes and Villages

From the U.S. Census: The U.S. Census Bureau today released 2020 Census population counts and sex-by-age statistics for 300 detailed race and ethnic groups, as well as 1,187 detailed American ...

Book Bans Spike by 33% During the Last School Year, According to New Research by PEN America

From PEN America:  The number of public school book bans across the country increased by 33 percent in the 2022-23 school year compared to the 2021-22 school year, according to ...

Penn State Leads Big Ten Academic Alliance Project on Open Homework Systems; ChatGPT Usage is Rising Again as...

AI ChatGPT Usage is Rising Again as Students Return to School (via Bloomberg) EBSCO EBSCO Information Services Pursues Generative Artificial Intelligence (AI) Opportunities Penn State Libraries Penn State Leads Big ...

$800,000 Budget Cut Proposed: West Virginia University Library System Plans to Reduce Staff, Modify Space Amid University Cuts;...

From WCHS: Following the vote to cut 28 majors and more than 100 faculty positions at West Virginia University, the university’s library system could be the next to take the ...

American Library Association (ALA) Releases Preliminary Data on 2023 Book Challenges; Highest Number of Book Challenges Since ALA...

UPDATE LeVar Burton to Lead 2023 Banned Books Week as Honorary Chair (via ALA) —End Update— Below is the full text of a statement released today by the American Library ...

Harris County Libraries Declared a 'Book Sanctuary' Amid State Crackdown; UCLA Library Receives $4.2 Million Political Cartoon Collection...

Acquisitions UCLA Library Receives $4.2 Million Political Cartoon Collection Spanning Centuries (via UCLA  California At 20, San Jose’s MLK Library Remains a Partnership For the Books (via The Mercury News) ...

The Lens Loads Now Open Dataset From Crossref of Retraction Watch Papers; Digital Science Announces Brand Redesign for...

Clarivate Clarivate Unveils Citation Laureates 2023 – Annual List of Researchers of Nobel Class Digital Science Digital Science Announces Brand Redesign for ReadCube and Papers Internet Archive IMLS National Leadership Grant ...

New From AUPresses & Ithaka S+R: "Print Revenue and Open Access Monographs: A University Press Study"

From a Joint News Release: The Association of University Presses (AUPresses) and Ithaka S+R today publish “Print Revenue and Open Access Monographs: A University Press Study.” This report is the ...

Making IIIF Official at the Internet Archive; Exploring Equity on Wikipedia; & More News Headlines

American Library Association (ALA) ALA Introduces New LibGuide on How to Explore and Use Library of Congress Digital Collections In Library Programming ALA ‘s Committee on Library Advocacy Releases Update ...

Journal Article: "Redesigning Research Guides: Lessons Learned from Usability Testing at the University of Memphis"

The article linked below was published today by Information Technology and Libraries (ITAL). Title Redesigning Research Guides: Lessons Learned from Usability Testing at the University of Memphis Authors Jessica McClure ...

University of Illinois: Information Sciences Professor Developing Tool to Make Data Visualizations Accessible to Blind Researchers, Students

From the University of Illinois:  JooYoung Seo, a professor of information sciences at the University of Illinois Urbana-Champaign, is developing a data visualization tool that will help make visual representations of statistical ...

ADVERTISEMENT

FOLLOW US ON TWITTER

Tweets by infoDOCKET

ADVERTISEMENT

This coverage is free for all visitors. Your support makes this possible.

This coverage is free for all visitors. Your support makes this possible.

Primary Sidebar

  • News
  • Reviews+
  • Technology
  • Programs+
  • Design
  • Leadership
  • People
  • COVID-19
  • Advocacy
  • Opinion
  • INFOdocket
  • Job Zone

Reviews+

  • Booklists
  • Prepub Alert
  • Book Pulse
  • Media
  • Readers' Advisory
  • Self-Published Books
  • Review Submissions
  • Review for LJ

Awards

  • Library of the Year
  • Librarian of the Year
  • Movers & Shakers 2022
  • Paralibrarian of the Year
  • Best Small Library
  • Marketer of the Year
  • All Awards Guidelines
  • Community Impact Prize

Resources

  • LJ Index/Star Libraries
  • Research
  • White Papers / Case Studies

Events & PD

  • Online Courses
  • In-Person Events
  • Virtual Events
  • Webcasts
  • About Us
  • Contact Us
  • Advertise
  • Subscribe
  • Media Inquiries
  • Newsletter Sign Up
  • Submit Features/News
  • Data Privacy
  • Terms of Use
  • Terms of Sale
  • FAQs
  • Careers at MSI


© 2023 Library Journal. All rights reserved.


© 2022 Library Journal. All rights reserved.