One of the main measures to limit the expansion of coronavirus/COVID-19 has been the so-called “social distancing”, so millions of people have resorted to the use of remote work tools, mention specialists from an information security organization.
One of the most commonly used tools for this is video conferencing platforms, whose popularity has increased markedly over the past few weeks. This situation has its downside, as cybercriminals have begun to take advantage of the growing interest in these services to register phishing domains.
A recent report by specialists from Check Point information security organization details a new technique employed by threat actors that could have granted them access to active Zoom sessions.
In the report, specialists say that, over the past few days, it has significantly increased the registration of domains that include the term “ZOOM”, one of the most widely used video conferencing platforms worldwide.
Experts from an information security organization say that, since January 2020, almost 1800 new web domains have been registered, with more than 500 registered over the past week. According to the report, about 4% of these domains have suspicious characteristics. In addition to Zoom, threat actors have also been using other domains similar to popular online platforms, such as classroom.google.com.
Some of the sites identified as malicious contain a file that, when executed, leads to the installation of the InstallCore PUA iframe on the victim’s computer, in order to install additional malware.
Multiple private companies, government institutions and academics will need to operate remotely indefinitely, so some security measures need to be implemented on the use of remote work platforms. The International Institute of Cyber Security (IICS) then presents some basic recommendations to ensure work during the period to be used in the home office.
- Beware of emails and attachments sent by unknown users
- Do not open any attached files or links contained in a suspicious email
- Try to identify domains with names similar to legitimate ones. Threat actors often use spelling errors to register malicious domains
The contingency will continue indefinitely, so users are advised to adhere to these recommendations.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
