The COVID-19 crisis pulled the curtains back on humanity's heartwarming do-gooders like passionate medical professionals and charitable corporations. But we've also seen an ugly side that includes price gougers, hoarders, and perhaps most duplicitous of all, coronavirus-capitalizing hackers.
Investigators at Check Point Research discovered an uptick of pandemic profiteers targeting Zoom and Google Hangouts participants as videoconferencing usage skyrockets to fulfill work-from-home and social-distancing needs.
How Zoom users are being targeted by COVID-19-capitalizing hackers
Since the onset of the COVID-19 pandemic in January, a whopping 1,700 new domains containing the word "Zoom" have been registered -- 25% of those domains (425 to be exact) were registered within the past 7 days. Lead investigators classified 70 of these domains as "suspicious." In other words, these websites were likely created with malicious intent.
"The numbers reinforce the trend of hackers taking advantage of millions now working from home through Zoom, the popular video conferencing service used by over 60% of the Fortune 500," the Check Point Research report said.
Check Point researchers also discovered maliciously created files -- “zoom-us-zoom_##########.exe,” for example -- aimed at targeting unsuspecting Zoom users. Running such files on one's computer leads to the installation of the InstallCore malware, which is known for installing more than one threatening application.
“The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit,” Omer Dembinsky, manager of cyber research at Check Point Research, said. “Each time you get a Zoom link or document messaged or forwarded to you, I’d take an extra look to make sure it’s not a trap.”
Although the lead investigators' main focus for this report was Zoom, researchers also discovered that opportunists were capitalizing off other popular conferencing platforms such as Google Hangouts and Google Classroom.
"Check Point Research observed new phishing websites for each one of the leading communication applications, including googloclassroom\.com and googieclassroom\.com, which impersonate the official classroom.google.com website," the report said.
Zoom's now-fixed security flaw
Nosy hackers were able to eavesdrop on Zoom calls by generating random numbers like those used in Zoom teleconferencing URLs, according to a January 2020 Check Point Research report. Fortunately, Zoom patched this security vulnerability and implemented tighter security measures, such as password-protected meetings.
How to be more secure while using Zoom
Researchers at Check Point compiled a set of guidelines for security-concerned Zoom users. Those include:
- Update your Zoom software regularly. Updates can rectify security vulnerabilities.
- Require a meeting password. When scheduling a meeting on Zoom, you can tick the Require a Password option, which will prompt you to create a password for your participants to enter when it's time for the virtual meetup.
- Enable Waiting Room. You can also tick the Waiting Room option, which allows the host to implement a virtual waiting room -- this gives call managers the option to confirm accepted participants.
- Beware of look-alike domains and installation files. You may see the words Zoom or Google Hangouts in a domain or file name and assume it's safe, but don't be too trusting, especially if it's from an unknown sender.
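The look-alike check from the last guideline, applied to the impersonating domains the report names, as an added example (not code from Check Point or this article). The official domains, brand strings and thresholds are assumptions, and the sample list mixes the article's domains with constructed ones.

```python
import re

# Assumptions for this example: the official domains and brand strings.
OFFICIAL = {"zoom.us", "google.com"}
BRANDS = ["zoom", "googleclassroom", "googlehangouts"]
MIN_FUZZY_LEN = 8   # short brands such as "zoom" are too noisy for fuzzy matching
MAX_DISTANCE = 2

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(domain):
    """Lower-case and undo the escaped/defanged dots used in reports."""
    d = domain.strip().lower().replace("\\.", ".").replace("[.]", ".")
    return d.rstrip(".")

def classify(domain):
    d = normalize(domain)
    # Suffix match on a label boundary, so "zoom.us.login.example" is not official.
    if any(d == o or d.endswith("." + o) for o in OFFICIAL):
        return "official"
    # Naive: treat everything left of the last dot as the name (no public-suffix list).
    name = re.sub(r"[^a-z0-9]", "", d.rsplit(".", 1)[0])
    for brand in BRANDS:
        if len(brand) >= MIN_FUZZY_LEN and 0 < edit_distance(name, brand) <= MAX_DISTANCE:
            return "typosquat:" + brand
    for brand in BRANDS:
        if brand in name:
            return "contains:" + brand
    return "unrelated"

# First three come from the article; the rest are constructed samples.
SAMPLE = [r"googloclassroom\.com", r"googieclassroom\.com", "classroom.google.com",
          "zoom.us", "zoom-meeting-login.example", "zoom.us.login.example", "example.org"]

if __name__ == "__main__":
    for dom in SAMPLE:
        print(f"{normalize(dom):30} {classify(dom)}")
```

A "contains" hit is only a prompt for a closer look: most of the 1,700 "Zoom" domains in the report were not classified as suspicious.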
Check Point Research's report is valuable as the demand for videoconferencing platforms soars and hackers flock to profit from the skyrocketing interest. The numbers for Zoom alone are mind-blowing: 96% of the top 200 US universities use Zoom. Over the past year, Zoom's customers increased by a whopping 67%.
It's no wonder the platform is becoming a hotbed for cybercriminals.