Research Indicates Zoom Is Being Targeted By Cybercriminals

With many people working from home due to coronavirus, research by Check Point indicates that cyber-criminals may be targeting the video conferencing app ‘Zoom’.

Domains

Cybersecurity company ‘Check Point’ reports witnessing a major increase in new domain registrations in the last few weeks where the domain name includes the word ‘Zoom’.  According to a recent report on Check Point’s blog, more than 1700 new domains have been registered since the beginning of the year with 25 per cent of them being registered over the past week. Check Point’s research indicates that 4 per cent of these recently registered domains have “suspicious characteristics”, such as the word ‘Zoom’.

Concern In The U.S.

The huge rise in Zoom’s user numbers, particularly in the U.S. has also led New York’s Attorney General, Letitia James, to ask Zoom whether it has reviewed its security measures recently, and to suggest to Zoom that it may have been relatively slow at addressing issues in the past.

Not Just Zoom

Check Point has warned that Zoom is not the only app that’s being targeted at the moment as new phishing websites have been launched to pass themselves off as every leading communications application.  For example, the official classroom.google.com website has been impersonated by googloclassroom.com and googieclassroom.com.

Malicious Files Too

Check Point also reports detecting malicious files with names related to the popular apps and platforms being used by remote workers during the coronavirus lockdown.  For example, malicious file names observed include zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe” (# is used here to represent digits). Once these files are run, InstallCore PUA is loaded onto the victim’s computer.  InstallCore PUA is a program that can be used by cyber-criminals to install other malicious programs on a victim’s computer.

Suggestions

Some ways that users can protect their computers/devices, networks and businesses from these types of threats, as suggested by Check Point, include being extra cautious with emails and files from unfamiliar senders, not opening attachments or clicking on links in emails (phishing scams), and by paying close attention to the spelling of domains, email addresses and spelling errors in emails/on websites.  Check Point also suggests Googling the company you’re looking for to find their official website rather than just clicking on a link in an email, which could redirect to a fake (phishing) site.

What Does This Mean For Your Business?

This research highlights how cyber-criminals are always quick to capitalise on situations where people have been adversely affected by unusual events and where they know people are in unfamiliar territory.  In this case, people are also divided geographically and are trying to cope with many situations at the same time, may be a little distracted, and may be less vigilant than normal.

The message to businesses is that the evidence from security companies that are tracking the behaviour of cyber-criminals is that extra vigilance is now needed and that all employees need to be very careful, particularly in how they deal with emails from unknown sources, or from apparently known sources offering convincing reasons and incentives to click on links or download files.