Tuesday morning, the FBI is warning that hackers have been able to hijack meetings and educational sessions on the Zoom app over the last few weeks. Hackers are exploiting the popularity of the videoconferencing platform Zoom during the COVID-19 pandemic, targeting the platform with cyber attacks to install malware, according to recent Check Point research.
Use of the cloud-based Zoom platform has skyrocketed during the pandemic, as more users transition into remote work and video conferencing to accomplish daily tasks. There’s also a healthcare-specific platform, which was listed among the platforms the Office for Civil Rights said could handle the expanded telehealth use during the pandemic.
However, Check Point recently discovered a substantial increase in newly registered domain names that include “Zoom”. Since the beginning of the year, there have been more than 1,700 newly registered domains, and 25 percent of those were logged during the last week alone. Of those, 4 percent contain suspicious characteristics. Researchers stressed that Zoom is not alone in this targeting, as they have also found new phishing websites for every leading communication application, including Google Classroom.
Check Point has also detected malicious files containing references to Microsoft and Zoom. If these files are opened, they install “InstallCore PUA on the victim’s computer which could potentially lead to additional malicious software installation.”
The new research adds to earlier Check Point findings that showed vulnerabilities in the Zoom platform could allow an attacker to potentially identify and join active meetings. The researchers contacted Zoom, which then disclosed several mitigations, including adding default passwords to all scheduled meetings and blocking repeated attempts to scan for meeting IDs.
To protect these sensitive meetings from attack, users should be warned they need to be cautious about emails and files received from unknown senders and about opening unknown attachments or clicking links within emails.
“Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders,” Check Point warned. “Ensure you are ordering goods from an authentic source. One way to do this is not to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.”
“Prevent zero-day attacks with a holistic, end to end cyber architecture,” they added.
The app has also recently come under fire for privacy concerns, after it was discovered Zoom automatically shared data with Facebook. Initially, the platform leveraged the “Login with Facebook” feature with the Facebook Software Development Kit for iOS platforms to help users easily access Zoom.
However, privacy wonks came out in force, claiming the app was automatically sharing user data with Facebook, even if the user did not have an account with the social media platform.
The Department of Health and Human Services’ Office of the Inspector General has vowed to crack down on fraud attempts during the pandemic, as the FBI urges organizations to ensure cyber hygiene. WHO and HHS have already been targeted with unsuccessful cyber attacks in the last few weeks.
How to avoid hackers?
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screen sharing options. In Zoom, change screen sharing to “Host Only”.
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.