‘Zoom’ domains rocket as cybercriminals move in

COVID-19 impact: cyber criminals target Zoom domains – Researchers at Check Point have observed a drastic rise in the number of “Zoom” domains registered in the last week. Since the advent of the COVID-19 pandemic in January, 1700 new domains containing the word “Zoom” have been documented: 25% (425 domains) of which were registered in the past 7 days alone. Check Point deems 70 of these domains as suspicious. The numbers reinforce the trend of hackers taking advantage of millions now working from home through Zoom, the popular video conferencing service used by over 60% of the Fortune 500.

In addition, Check Point Research observes new phishing websites for each one of the leading communication applications , including googloclassroom\.com and googieclassroom\.com, which impersonate the official classroom.google.com website.

Malicious Zoom Files

Check Point also detects malicious files with names such as “zoom-us-zoom_##########.exe”. The running of these files lead to an installation of the infamous InstallCore PUA on the victim’s computer, and could potentially lead to additional malicious software installation. InstallCore is a potentially unwanted application that installs other potentially unwanted applications and threats onto the computer.

Check Point’s Manager of Cyber Research, Omer Dembinsky, says: “We see a sharp rise in the number of “Zoom” domains being registered, especially in the last week,” says Omer Dembinsky, Manager of Cyber Research at Check Point. “The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit. Each time you get a Zoom link or document messaged or forwarded to you, I’d take an extra look to make sure it’s not a trap.”

Zoom Security Flaw

In January 2020, Check Point published a research report proving that Zoom had a security flaw. The research showed how a hacker could eavesdrop into Zoom calls by generating and guessing random numbers allocated to Zoom conference URLs. Consequently, Zoom was forced to fix the security breach and change some of its security features, such as mandating scheduled meetings to automatically be protected by a password. The same researchers who conducted the research study published general Zoom Safety Guidelines for folks working from home.

How to Stay Safe

Check Point recommends the following safety tips to protect against Zoom phishing attempts:  

1.       Be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts. The cure for Corona will not arrive via email.

2.       Don’t open unknown attachments or click on links in the emails.

3.       Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders.

4.       Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.

5.       Protect your organization with a holistic, end to end cyber architecture, to prevent zero-day attacks

6.       90% of cyber-attacks start with a phishing campaign. Are you doing enough to protect your organization’s attack vectors? Read the whitepaper Humans are Your Weakest Link to discover The daily risk of phishing emails