Researchers at Check Point have observed a drastic rise in the number of 'Zoom' domains registered in the last week. Since the advent of the COVID-19 pandemic in January, 1700 new domains containing the word 'Zoom' have been documented: 25% (425 domains) of which were registered in the past 7 days alone (at time of writing). Check Point deems 70 of these domains as suspicious.
The numbers reinforce the trend of hackers taking advantage of millions now working from home through Zoom, the popular video conferencing service used by over 60% of the Fortune 500.
In addition, Check Point Research observes new phishing websites for each one of the leading communication applications, including googloclassroom\.com and googieclassroom\.com, which impersonate the official classroom.google.com website.
Malicious Zoom files
Check Point also detects malicious files with names such as 'zoom-us-zoom_##########.exe'. The running of these files leads to an installation of the infamous InstallCore PUA on the victim’s computer, and could potentially lead to additional malicious software installation. InstallCore is a potentially unwanted application that installs other potentially unwanted applications and threats onto the computer.
“We see a sharp rise in the number of Zoom domains being registered, especially in the last week,” says Omer Dembinsky, manager of Cyber Research at Check Point. “The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit. Each time you get a Zoom link or document messaged or forwarded to you, I’d take an extra look to make sure it’s not a trap.”
Zoom security flaw
In January 2020, Check Point published a research report proving that Zoom had a security flaw. The research showed how a hacker could eavesdrop into Zoom calls by generating and guessing random numbers allocated to Zoom conference URLs. Consequently, Zoom was forced to fix the security breach and change some of its security features, such as mandating scheduled meetings to automatically be protected by a password. The same researchers who conducted the research study published general Zoom Safety Guidelines (https://blog.checkpoint.com/2020/03/26/whos-zooming-who-guidelines-on-how-to-use-zoom-safely/) for people working from home.
How to stay safe
Check Point recommends the following safety tips to protect against Zoom phishing attempts:
1. Be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts. The cure for coronavirus will not arrive via email.
2. Don’t open unknown attachments or click on links in the emails.
3. Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders.
4. Ensure you are ordering goods from an authentic source. One way to do this is not to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
5. Protect your organisation with a holistic, end-to-end cyber architecture, to prevent zero-day attacks.
6. 90% of cyber-attacks start with a phishing campaign. Are you doing enough to protect your organisation’s attack vectors? Read the white paper Humans are Your Weakest Link (https://pages.checkpoint.com/phishing-attacks-put-your-business-at-risk.html) to discover the daily risk of phishing emails.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version