Hackers are targeting Zoom domains to take advantage of remote workers


Now that South Africa, and much of the rest of the globe, is on lockdown in a bid to flatten the curve on COVID-19, far more people are working remotely and using platforms like Zoom to collaborate with co-workers. In fact, Zoom has become an increasingly popular tool for video conferencing and, unsurprisingly, hackers have caught wind of this and are looking to take advantage.

According to the latest research from Check Point, there has been a significant rise in the number of domains registered with the word “zoom”. In fact, the cybersecurity firm has seen 1 700 new domains registered since the beginning of the year, with 25 percent of them registered within the last week.

Looking into said domains, Check Point has found 4 percent of them to feature some sort of suspicious activity.

Zoom is not alone in this, however, with researchers also finding other online communications tools being used by cybercriminals for attacks.

“New phishing websites have been spotted for every leading communication application, including the official classroom.google.com website, which was impersonated by googloclassroom\.com and googieclassroom\.com,” Check Point explains.

“Additionally, we have detected malicious files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe” (# representing various digits). The running of these files leads to an installation of the infamous InstallCore PUA on the victim’s computer which could potentially lead to additional malicious software installation,” the research firm adds.

As such it looks as if hackers are taking advantage of the fact that remote workers are looking for any kind of platform to keep them connected with co-workers, as well as facilitate the way they do business during lockdowns and the COVID-19 pandemic.

It is therefore increasingly important that users scrutinise any piece of software downloaded from the internet currently, as a lackadaisical approach could prove detrimental.

To that end, Check Point has offered up the following tips during lockdown:

  1. “Be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts.
  2. Don’t open unknown attachments or click on links within the emails.
  3. Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders.
  4. Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
  5. Prevent zero-day attacks with a holistic, end to end cyber architecture.”
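
As an added illustration (not code from Check Point or from this article), a defender could triage newly seen hostnames and download names against the lookalike domains and file-name shapes reported above. The allowlist, the distance threshold, the digit-run lengths and the `.example` hostname are assumptions.

```python
import re

# Assumed allowlist of registrable domains, and brand strings to compare against.
LEGIT = {"zoom.us", "google.com"}
BRANDS = ("zoom", "googleclassroom")

# File-name shapes quoted in the article ('#' is a digit); run length assumed variable.
FILE_PATTERNS = [
    re.compile(r"^zoom-us-zoom_\d+\.exe$", re.I),
    re.compile(r"^microsoft-teams_V\dmu\dD_\d+\.exe$", re.I),
]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain):
    """Return 'legit', 'lookalike', 'keyword' or 'unrelated' for one hostname."""
    labels = domain.lower().rstrip(".").split(".")
    # Naive registrable domain: ignores multi-part suffixes such as co.za.
    if ".".join(labels[-2:]) in LEGIT:
        return "legit"
    name = (labels[-2] if len(labels) > 1 else labels[0]).replace("-", "")
    # Near-miss spelling of a long brand string. Short brands such as "zoom"
    # are skipped here because ordinary words sit within two edits of them.
    if any(len(b) >= 8 and edit_distance(name, b) <= 2 for b in BRANDS):
        return "lookalike"
    # Brand keyword on an unlisted domain: queue for review, not a verdict
    # (the article notes only 4 percent of "zoom" domains looked suspicious).
    if any(b in name for b in BRANDS):
        return "keyword"
    return "unrelated"

def suspicious_file(filename):
    """True when a download name matches one of the reported shapes."""
    return any(p.match(filename) for p in FILE_PATTERNS)

if __name__ == "__main__":
    # The first two hostnames are from the article; the rest are constructed samples.
    for host in ("googloclassroom.com", "googieclassroom.com",
                 "zoom-video-login.example", "us02web.zoom.us", "example.org"):
        print(f"{host:28} {classify_domain(host)}")
    print(suspicious_file("zoom-us-zoom_1234567890.exe"))  # constructed file name
```
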
Robin-Leigh Chetty


When he's not reviewing the latest smartphones, Robin-Leigh is writing about everything tech-related from IoT and smart cities, to 5G and cloud computing. He's also a keen photographer and dabbles in console games.