kras99 - stock.adobe.com

Zoom Domains Targeted by Hackers, as Use Surges with COVID-19

Hackers are banking on the popularity of Zoom during the COVID-19 pandemic, ramping up malicious domains tied to the app; Zoom has also been under fire for privacy concerns.

Hackers are utilizing the popularity of the videoconferencing platform Zoom during the COVID-19 pandemic, targeting the platform with cyberattacks to install malware, according to recent Check Point research.

Use of the cloud-based Zoom platform has skyrocketed during the pandemic, as more users transition into remote work and video conferencing to accomplish daily tasks. There’s also a healthcare-specific platform, which was listed in the platforms the Office for Civil Rights said could handle the expanded telehealth use during the pandemic.

However, Check Point recently discovered a substantial increase in new domain registration names that include “Zoom.” Since the beginning of the year, there have been more than 1,700 new register domains, and 25 percent of those were logged during the last week alone.

And out of those, 4 percent contain suspicious characteristics. Researchers stressed that Zoom is not alone in this targeting, as its researchers have also found new phishing websites for every leading communication application, including Google Classroom.

Check Point has also detected malicious files containing references to Microsoft and Zoom. If these files are opened, they install “InstallCore PUA on the victim’s computer which could potentially lead to additional malicious software installation.”

The new research adds to earlier Check Point findings that showed vulnerabilities in the Zoom platform could allow an attacker to join potentially identify and join active meetings. The researchers contacted Zoom, which then disclosed several mitigations, including adding default passwords to all scheduled meetings and blocking repeated attempts to scan for meeting IDs

To protect these sensitive meetings from attack, users should be warned they need to be cautious about emails and files received from unknown senders and about opening unknown attachments or clicking links within emails.

“Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders,” Check Point warned. “Ensure you are ordering goods from an authentic source. One way to do this is not to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.”

“Prevent zero-day attacks with a holistic, end to end cyber architecture,” they added.

The app has also recently come under fire for privacy concerns, after it was discovered Zoom automatically shared data with Facebook. Initially, the platform leveraged the “Login with Facebook” feature with the Facebook Software Development Kit for iOS platforms to help users easily access Zoom.

However, privacy wonks came out in force, claiming the app was automatically sharing user data with Facebook – even if the user did not have an account with the social media platform.

The SDK collected device data, such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space. The function did not collect data and activities from meetings, including attendees, names, notes, and other sensitive data.

But once Zoom determined the collection was occurring and confirmed the data collection was unnecessary for the app to provide services, the SDK was removed from the platform.

“Our customers’ privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser,” Zoom officials explained.

“Users will need to update to the latest version of our application that’s already available at 2:30 p.m. Pacific time on Friday, March 27, 2020, in order for these changes to take hold, and we strongly encourage them to do so,” they added. “We sincerely apologize for the concern this has caused and remain firmly committed to the protection of our users’ privacy. We are reviewing our process and protocols for implementing these features in the future to ensure this does not happen again.”

Hackers have continued to pummel organizations during the pandemic, with reports showing steady increases in phishing attempts and Coronavirus fraud attempts. Europol has warned hackers are increasing targeting of remote workers and healthcare sectors, as well as an increase in DNS hijacking attempts.

The Department of Health and Human Services’ Office of the Inspector General has vowed to crack down on fraud attempts during the pandemic, as the FBI urges organizations to ensure cyber hygiene. WHO and HHS have already been targeted with unsuccessful cyberattacks in the last few weeks.

Next Steps

Dig Deeper on Health data threats