Zoom domains targeted by hackers as use surges with COVID-19

indica News Bureau

While the world struggles with the coronavirus outbreak, many countries have implemented precautionary measures. Schools are being closed, communities are asked to shelter in place, and many organizations have enabled their employees to work remotely. As a result, video communication platforms have become a daily norm. As usage of these platforms has increased, cyber criminals have stayed a step ahead of the unsuspecting audience and have already developed duplicate websites and malware to fool users.

Hackers are utilizing the popularity of the videoconferencing platform Zoom during the COVID-19 pandemic, targeting the platform with cyberattacks to install malware, according to recent Check Point research.

A report published by Check Point said, “During the past few weeks, we have witnessed a major increase in new domain registrations with names including ‘Zoom’, which is one of the most common video communication platforms used around the world. Since the beginning of the year, more than 1700 new domains were registered and 25% of them were registered in the past week. Out of these registered domains, 4% have been found to contain suspicious characteristics. However, Zoom is not the only application targeted by cyber criminals. New phishing websites have been spotted for every leading communication application, including Google Classrooms.”

“We see a sharp rise in the number of ‘Zoom’ domains being registered, especially in the last week,” said Omer Dembinsky, Manager of Cyber Research at Check Point.

“The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure, and exploit. Each time you get a Zoom link or document messaged or forwarded to you, I’d take an extra look to make sure it’s not a trap,” added Dembinsky.

New York’s Attorney General Letitia James sent a letter to the company asking what, if any, new security measures it’s put in place to handle the increased traffic.

Cases of video sessions being hijacked

Some Zoom users have complained that a screen-sharing feature in the app has been misused by hackers to disrupt online meetings with inappropriate messages. Last week, a Zoom webinar on antisemitism was hijacked by a hacker who used the opportunity to show a swastika tattoo, the Telegraph reported.

The FBI is also warning that hackers have been able to hijack meetings and educational sessions on the app over the last few weeks.

The FBI’s Boston field office issued a press release Monday saying that the agency “has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.”

“As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts,” the press release says.

The agency said two different online classrooms in Massachusetts were targeted in recent incidents. A high school class was interrupted by an unidentified person who “yelled profanity and then shouted the teacher’s home address in the middle of an instruction.”

The Attorney General’s letter referred to Zoom as an essential and valuable platform, but also noted that the company has been slow to address security flaws.

With over 74,000 customers and 13 million monthly active users, Zoom is one of the most popular cloud-based enterprise communication platforms that offers chat, video and audio conferencing, and options to host webinars and virtual meetings online.

The popularity of Zoom has shot up significantly in recent weeks as millions of students, business people, and even government employees across the world are forced to work and socialize from home during the coronavirus pandemic.

The report follows a significant increase in the number of malicious coronavirus-related domains, with bad actors finding new ways to profit off the global health concern by staging a variety of malware attacks and phishing campaigns and by creating scam sites and malicious tracker apps.

What’s more, the researchers said they detected malicious files with the name “zoom-us-zoom_##########.exe,” which when executed, installed potentially unwanted programs (PUPs) such as InstallCore, a dodgy bundleware application that’s known to install other kinds of malware.
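A defender-side check for the two indicators described above (domains with “Zoom” in the name, and the reported installer filename), given here as an added example that is not code from Check Point or from the original article. It assumes `zoom.us` is the only trusted domain, reads each `#` in the filename as one letter or digit, and uses constructed sample links; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains your organisation has verified as Zoom's own.
TRUSTED_DOMAINS = {"zoom.us"}

# Filename shape quoted in the article. Reading each '#' as one letter or
# digit is an assumption; the article does not say what '#' stands for.
REPORTED_FILE = re.compile(r"zoom-us-zoom_[0-9a-z]{10}\.exe", re.IGNORECASE)


def classify_link(url):
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for a link."""
    url = url.strip()
    try:
        # Links pasted without a scheme still need their host extracted.
        parts = urlsplit(url if "://" in url else "//" + url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # e.g. a malformed IPv6 literal
        return "invalid"
    if not host:
        return "invalid"
    # Trusted only on an exact match or a true subdomain, so that
    # 'notzoom.us' and 'zoom.us.login.example' do not pass.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Look at the whole authority (userinfo included) so 'zoom.us@host' is
    # caught, and fold the digit 0 to 'o' so 'z00m' is caught too.
    authority = parts.netloc.lower().replace("0", "o")
    return "lookalike" if "zoom" in authority else "unrelated"


def is_reported_installer_name(path):
    """True if the file's base name has the shape reported in the article."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return REPORTED_FILE.fullmatch(base) is not None


# Constructed sample links, not taken from the article.
SAMPLES = [
    "https://us02web.zoom.us/j/123",
    "https://zoom.us.login.example/j/123",
    "https://zoom.us@files.example/setup",
    "http://z00m-meeting.example/join",
    "https://example.org/zoom",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A “lookalike” result means the link deserves the extra look Dembinsky recommends; it is not proof that the domain is malicious.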