Over 1,700 ZOOM phishing web domains registered during last week

One of the main measures to limit the spread of coronavirus/COVID-19 has been so-called “social distancing”, so millions of people have resorted to remote work tools, according to specialists from an information security organization.

Among the most commonly used tools for this are video conferencing platforms, whose popularity has increased markedly over the past few weeks. This situation has its downside, as cybercriminals have begun to take advantage of the growing interest in these services to register phishing domains.

A recent report by specialists from the information security organization Check Point details a new technique employed by threat actors that could have granted them access to active Zoom sessions.

In the report, specialists say that, over the past few days, the registration of domains that include the term “ZOOM”, one of the most widely used video conferencing platforms worldwide, has increased significantly.

Experts from an information security organization say that, since January 2020, almost 1800 new web domains have been registered, with more than 500 registered over the past week. According to the report, about 4% of these domains have suspicious characteristics. In addition to Zoom, threat actors have also been using other domains similar to popular online platforms, such as classroom.google.com.

Some of the sites identified as malicious contain a file that, when executed, leads to the installation of the InstallCore PUA iframe on the victim’s computer, in order to install additional malware.

Multiple private companies, government institutions and academics will need to operate remotely indefinitely, so some security measures need to be implemented for the use of remote work platforms. The International Institute of Cyber Security (IICS) presents some basic recommendations for working securely during the home office period.

  • Beware of emails and attachments sent by unknown users
  • Do not open any attached files or links contained in a suspicious email
  • Try to identify domains with names similar to legitimate ones. Threat actors often use spelling errors to register malicious domains
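
The third recommendation can be automated over a feed of newly registered domains. The sketch below is an added example, not code from the Check Point report or from IICS; the trusted list (zoom.us is Zoom's own domain, not named on this page), the digit swaps and the sample domains are assumptions constructed for illustration.

```python
import re

# Trusted registrable domains: classroom.google.com is named in the article,
# zoom.us is Zoom's own domain (assumption, not named in the article).
TRUSTED = ("zoom.us", "google.com")
BRANDS = ("zoom", "google", "classroom")
# Digit-for-letter swaps often seen in lookalike names (illustrative subset).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Constructed sample feed; none of these come from the report.
SAMPLE = ["zoom.us", "zoom.us.example.net", "z00m.us", "googie-classrom.com", "example.org"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> str:
    """Return 'trusted', 'brand-term', 'lookalike' or 'unrelated'."""
    name = domain.strip().lower().rstrip(".")
    # Trust only an exact match or a true subdomain; a bare suffix match
    # would wrongly accept names such as notzoom.us.
    if any(name == t or name.endswith("." + t) for t in TRUSTED):
        return "trusted"
    verdict = "unrelated"
    for tok in filter(None, re.split(r"[.\-_]", name)):
        plain = tok.translate(HOMOGLYPHS)
        for brand in BRANDS:
            if brand in tok:
                return "brand-term"      # brand spelled correctly, wrong owner
            if brand in plain or edit_distance(plain, brand) == 1:
                verdict = "lookalike"    # digit swap or one-letter misspelling
    return verdict


if __name__ == "__main__":
    for d in SAMPLE:
        print(f"{d:28} {classify(d)}")
```

Short brand names such as "zoom" are one edit away from ordinary words like "room", so the 'lookalike' results are a review queue for an analyst rather than a blocklist.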

The contingency will continue indefinitely, so users are advised to adhere to these recommendations.