USC Chief Information Security Officer Gus Anagnos sent a universitywide email on Nov. 2 that acknowledged an increase of cybersecurity threats to universities and businesses.
“A set of cybersecurity attacks that government agencies have recently alerted the public are focused on more than a dozen universities and over 400 U.S. and U.K. medical facilities,” Anagnos wrote in the email.
These emails originate from illegitimate “compromised internal sender accounts” and target universities and hospitals, tricking people into sharing email credentials or downloading “malicious software” on the institution’s computers. To protect themselves against these cybersecurity threats, Anagnos advised students to never click on links from unexpected emails and report any phishing emails to phishing@usc.edu.
The email also offered informational resources that detail how universities and hospitals, like USC and Keck, have been affected.
According to the articles listed in the email, one example of a cybersecurity threat includes receiving messages from a university account labeled as a Microsoft “system message.” The email offers various links that when clicked on opened a Microsoft credential-harvesting site or set off a malicious code infection.
“What gives the cybercriminals a leg up in this incident is that the header of the email confirms that this phishing email originated from Stanford University servers, allowing the sender to pass Sender Policy Framework (SPF) filtering for university domains, researchers said. SPF is an email authentication method that aims to prevent sender address forgery,” Linsey O’Donnell wrote in a Threat Post article.
These types of attacks were first detected in 2019, however the frequency of such attacks and the number of hijacked accounts has increased in the COVID-19 pandemic with universities being remote.