New Zealand university is exploited after convincing ruse fools four staffers
A cunning spear phishing attack late last week allowed hackers to gain access to the University of Otago's staff email server and use it to send out an estimated 1.55 million spam emails in 60 hours.
According to news reports from Otago about the breach, four members of the university's staff responded to emails that claimed to be from the IT department and asked people to reconfirm their user names and passwords or their email access would be withdrawn.
Armed with these login details, hackers could compromise an email server within "a couple of hours", according to university IT manager Mike Harte, using it to connect to computers outside the university and send out spam.
The huge volume of spam mail resulted in the university's legitimate emails being rejected or delayed by other systems, Harte said. They were re-sent once the spam attack was over.
The four staff members who revealed their passwords were not disciplined, Harte said. The staffers had been warned in April not to fall for the hoax emails, after similar emails turned up at some New Zealand universities.
— Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024