How are Cybercriminals Capitalizing on Zoom’s Popularity?

  • Zoom has emerged as a leading teleconferencing provider during the COVID-19 pandemic.
  • While it continues to be favored worldwide, the VTC platform has drawn flak for being prone to hacking attacks and having some security issues.

Zoom has emerged as a leading teleconferencing provider during the COVID-19 pandemic. It has gained immense popularity among enterprises and SMBs as a way to connect remotely and conduct meetings, classes, and even social gatherings. While it continues to be favored worldwide, the app has drawn flak for being prone to hacking attacks and having several security issues.

Zoom-bombing attacks

With tens of millions of users hosting meetings on Zoom, there has been an increase in the so-called Zoom-bombing attacks -- where uninvited users enter a restricted meeting and begin harassing participants by disrupting their meeting or projecting unwanted graphic images.

The problem worsens when malicious actors hijack and take control of the victims’ screens via the video conference platform and disrupt their meetings and lessons. Once the screens are hijacked, threat actors can post their own words and images in the chat box or interfere with the audio.

Leveraging fake Zoom apps

The tremendous surge in popularity of the video conferencing app has been accompanied by a growth in fake Zoom apps available on third-party stores. According to a report from Bitdefender Labs, some of the fake versions of the app - labeled as ZOOM Cloud Meetings and Zoom - distributed adware and trojans like Android.Trojan.HiddenAds.AJR & Android.Trojan.Downloader.UJ. Trend Micro also detailed a fake Zoom installer that was used to drop malware called Trojan.Win32.MOOZ.THCCABO, which later unleashed coin mining modules.

Malicious domains registered with ‘Zoom’ in the name

During the past few weeks, security researchers have also found a major increase in newly registered online communication domains with ‘Zoom’ in the name. These websites look legitimate to the naked eye and can easily trick users into sharing their personal details. However, the trick is not limited to Zoom; it also affects other video conferencing apps from Google and Microsoft.
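A defender can triage a feed of newly registered or newly observed hostnames for such lookalikes. The sketch below is an added example, not code from the researchers or from Zoom; it assumes zoom.us is the only domain treated as genuine, and the sample feed is constructed.

```python
# Added example: triage newly registered domains for "Zoom" lookalikes.
# Assumption: zoom.us is the only registrable domain treated as genuine here.
TRUSTED_DOMAINS = {"zoom.us"}
BRAND = "zoom"
# Digit-for-letter swaps commonly used in lookalike names.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def classify(hostname: str) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for one hostname."""
    host = hostname.strip().rstrip(".").lower()
    # Trust is decided on the right-hand side of the name only: the host must
    # be a trusted domain or a subdomain of one.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Anything else that carries the brand string (after folding digits)
    # is a candidate for review, wherever the string appears.
    if BRAND in host.translate(FOLD):
        return "lookalike"
    return "unrelated"


def flag_lookalikes(hostnames):
    """Return the hostnames that need analyst review, in input order."""
    return [h for h in hostnames if classify(h) == "lookalike"]


# Constructed sample feed; the lookalikes use the reserved .example TLD.
SAMPLE_FEED = [
    "zoom.us",
    "us02web.zoom.us",
    "zoom.us.meeting-login.example",
    "z00m-meetings.example",
    "video-calls.example",
]

if __name__ == "__main__":
    for name in SAMPLE_FEED:
        print(f"{classify(name):10} {name}")
```

The substring match is deliberately coarse, so flagged names are candidates for analyst review rather than confirmed malicious domains.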

Stolen Zoom credentials on sale

In the last week of March, Zoom disclosed that the personal information of at least thousands of users was leaked due to a security flaw in the website’s ‘Directory’ settings. Although the company provided a workaround to address the issue, Zoom landed in trouble again after the credentials of some of its clients were put up for sale on a dark web forum. A cybercriminal had posted a database containing more than 2,300 usernames and passwords, including meeting IDs, names and host keys for Zoom accounts, on the underground forum. The credentials could be used for performing DoS attacks, launching Zoom-bombing attacks or potentially for eavesdropping.

As if user credentials were not enough, cybercriminals were also selling Zoom exploits at prices ranging from $5,000 to $30,000.

Conclusion

As large numbers of people turn to Video Tele Conferencing (VTC) platforms like Zoom to stay connected in the wake of the COVID-19 crisis, the FBI has recommended detailed guidelines to mitigate teleconference hijacking threats. In addition, users should exercise due diligence and caution when connecting remotely for lessons and meetings.