Threat actors take advantage of the increased usage of video conferencing apps is reflected in the rise of malicious domains and files related to Zoom application. Cases of “Zoom bombing” has been witnessed as well. The use of Zoom and other video conferencing platforms has increased since many companies have transitioned to a work-from-home setup due to the coronavirus (COVID-19) outbreak.
Registrations of domains that reference the name of Zoom has significantly increased, according to Check Point Research. More than 1,700 new domains related to Zoom were registered since the beginning of 2020, but 25% of this number was only registered in the past week. From these domains, 4% have been found with suspicious characteristics.
Other communication apps such as Google Classroom have been targeted as well; the official domain classroom.google.com has already been spoofed as googloclassroom\[.]com and googieclassroom\[.]com.
The researchers were also able to detect malicious files containing the word “Zoom,” such as “zoom-us-zoom_##########.exe” (# representing various digits). A file related to Microsoft Teams platform (“Microsoft-teams_V#mu#D_##########.exe”) was found as well. Running these files installs InstallCore PUA on the user’s computer, which could allow other parties to install malware.
In addition to malicious domains and files, the public is also warned of Zoom bombing, or strangers crashing private video conference calls to perform disruptive acts such as sharing obscene images and videos or using profane language. Attackers guess random meeting ID numbers in an attempt to join these calls. Companies and schools, holding online classes, have fallen victim to this. Zoom has released recommendations on how to prevent uninvited participants from joining in on private calls.
Zooming in on work-from-home set up security
The transition of many companies to a work-from-home (WFH) arrangement has brought about its own set of security concerns. For one, the increased reliance of companies on video conferencing apps for communication can inadvertently expose businesses to threats and even possibly leak classified company information.
Employees are advised to properly configure the settings of these apps to ensure that only those invited can participate in the call. Users are also advised to double-check domains that may look related to video conferencing apps and verify the source before downloading files. Official domains and related downloads are usually listed in the apps’ official websites.
Besides securing the use of video conferencing apps, users can also protect their WFH setups through the proper use and configuration of a virtual private network (VPN) and remote desktop protocol (RDP), which are commonly used for remote connection. Choosing strong passwords and setting up two-factor authentication (2FA) will also help secure accounts. Users are also reminded to be wary of online scams, including those that use content related to COVID-19 to lure possible victims.