In a report released March 30, security software firm Check Point found that cybercriminals are targeting the video communications platform Zoom.
As countries the world over have implemented social distancing and shelter-in-place orders, the workforce is increasingly moving to telework. The rise in remote working has seen a dramatic spike in the use of video communication platforms, with many companies using Zoom.
“The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit,” said Omer Dembinsky, the manager of cyber research at Check Point.
Check Point said that while video communication platforms have become part of the “daily norm,” cybercriminals “stay a step ahead.” The report discovered a technique that could allow a threat actor to identify and join active Zoom meetings.
Additionally, Check Point said that over the past few weeks it has “witnessed a major increase in new domain registrations with names including ‘Zoom’ … Since the beginning of the year, more than 1700 new domains were registered and 25 percent of them were registered in the past week. Out of these registered domains, four percent have been found to contain suspicious characteristics.” While Zoom is one of the more popular video communication platforms, Check Point noted that cybercriminals are targeting all of the major platforms. “New phishing websites have been spotted for every leading communication application,” the report said.
The team also found “malicious files” with names impersonating Zoom and Microsoft Teams. The report said it has found files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe,” with “#” representing various digits. If these files are run by an unsuspecting victim, the “infamous” InstallCore PUA is downloaded on the victim’s computer, which Check Point said “could potentially lead to additional malicious software installation.”
Dembinsky urged video communication platform users to “take an extra look” at any link or document to make sure “it’s not a trap.”
A spokesperson for Zoom told The Hill that the company “agrees with Check Point that users across all services and technology platforms should be cautious with emails, links or files received from unknown senders, and that users should take care to only click on authentic links or open attachments to known and trusted service providers.” The spokesperson said that “Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name. Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”
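The domain rule in the Zoom statement can be checked mechanically rather than by eye. The Python sketch below is an added example, not code from Check Point or Zoom; the function name, the three labels and the sample links (all on placeholder `.example` hosts) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# From the Zoom statement quoted above: genuine links use zoom.us or zoom.com.
OFFICIAL_DOMAINS = ("zoom.us", "zoom.com")
BRAND = "zoom"


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'other' for the host a link really goes to."""
    url = url.strip()
    if "://" not in url:  # bare "zoom.us/j/..." pasted from a chat or e-mail
        url = "https://" + url
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lowercases the name.
    host = (parts.hostname or "").rstrip(".")
    # Official only on an exact match or a true subdomain (note the leading dot),
    # so "notzoom.us" and "zoom.us.login.example" both fail this test.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Anything else that still shows the brand, in the host or in a "user@" part,
    # with the digit 0 read as the letter o, presents itself as Zoom without being Zoom.
    if BRAND in parts.netloc.lower().replace("0", "o"):
        return "lookalike"
    return "other"


# Constructed sample links; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://zoom.us/j/123456789",
    "https://us02web.zoom.us/j/123456789",
    "https://ZOOM.com./join",
    "https://zoom.us.login.example/j/1",
    "https://zoom-us.example/j/1",
    "https://z00m.us/j/1",
    "https://notzoom.us/j/1",
    "https://zoom.us@meeting.example/j/1",
    "https://intranet.example/calendar",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```

A substring test such as `"zoom.us" in url` would accept most of the lookalike samples, which is why the check compares the parsed hostname against the allowlist instead.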
In its report, Check Point offered steps entities could take to shore up their security. Most suggestions are basic cyber hygiene best practices, while others are more advanced recommendations, since more and more business processes are becoming digital.
- “Be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts.
- Don’t open unknown attachments or click on links within the emails.
- Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders.
- Ensure you are ordering goods from an authentic source. One way to do this is not to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
- Prevent zero-day attacks with a holistic, end to end cyber architecture.”