Fraudsters Take Advantage of Zoom's PopularityEmerging Threats Include Phishing, 'Zoom-Bombing'
Fraudsters are taking advantage of the increasing use of Zoom for video conferencing to support those working from home as a result of the COVID-19 pandemic.
For example, security firm Check Point Software says criminals are waging phishing campaigns with Zoom-related themes.
Meanwhile, the FBI warns of “Zoom bombing,” which involves a third party interrupting, taking over or listening in on a video conference.
Check Point Software says in a new report that about 1,700 domains using the Zoom name have been registered since the start of the year, with 25 percent of those coming in the last week. Of those 1,700 domains, Check Point researchers estimate that about 4 percent have "suspicious characteristics," which is likely a sign of fraudsters starting phishing campaigns with Zoom-related messages as a lure. In some cases, the phishing emails and messages that that researchers have observed spoof Zoom login pages and attempt to get victims to input their credentials, which are then harvested by the attackers, the report notes.
In addition to suspicious domains, Check Point notes that its researchers have also uncovered malicious files with names such as "zoom-us-zoom_##########.exe" and "microsoft-teams_V#mu#D_##########.exe."
If downloaded on a device, these files install software called InstallCore, which enables attackers to download additional malware onto the device, according to the Check Point report.
Meanwhile, the FBI's Boston division issued a warning Monday about video-teleconferencing hijacking, or “Zoom bombing."
"The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language," the alert states.
It happened. I was #Zoombombed during a presentation today. Lessons learned and grateful for compassionate students.— Amanda Dixon (@AmandaDixonMA) March 31, 2020
A Massachusetts-based high school recently reported that while a teacher was conducting an online class using Zoom, an unidentified individual dialed into the virtual classroom, yelling profanity and shouting the teacher’s home address, according to the report.
Other Security Concerns
Earlier this week, Zoom apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. Exposed users' data includes IP addresses and device models (see: Zoom Stops Transferring Data by Default to Facebook).
On Monday, the New York Times reported that New York Attorney General Letitia James sent a letter to Zoom asking about the company's privacy and security practices. The letter also sought information about vulnerabilities "that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams," according to the report.
In a response to these concerns, Zoom CEO Eric Yuan posted an update to the company's privacy policies on the company's blog and on Twitter.
In January, Zoom announced that it had fixed a vulnerability that - under certain conditions - could have allowed an uninvited third party to guess a meeting ID and join a conference call. The exploitation of the flaw involved guessing IDs for meetings that aren't password-protected (see: Zoom Fixes Flaw That Could Allow Strangers Into Meetings).