New Zealand university is exploited after convincing ruse fools four staffers
A cunning spear phishing attack late last week allowed hackers to gain access to the University of Otago's staff email server and use it to send out an estimated 1.55 million spam emails in 60 hours.
According to news reports from Otago about the breach, four members of the university's staff responded to emails that claimed to be from the IT department and asked people to reconfirm their user names and passwords or their email access would be withdrawn.
Armed with these login details, hackers could compromise an email server within "a couple of hours", according to university IT manager Mike Harte, using it to connect to computers outside the university and send out spam.
The huge volume of spam mail resulted in the university's legitimate emails being rejected or delayed by other systems, Harte said. They were re-sent once the spam attack was over.
The four staff members who revealed their passwords were not disciplined, Harte said. The staffers had been warned in April not to fall for the hoax emails, after similar emails turned up at some New Zealand universities.
— Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
Unleash the Power of Gen AI for Application Development, Securely
March 19, 2024The Anatomy of a Ransomware Attack, Revealed
March 20, 2024How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
March 26, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024