- Cyber security firm Proofpoint has observed a series of attacks wherein cyber criminals are targeting Zoom users via infected emails.
- The attacks are targeting individuals and businesses in the transportation, government, telecommunications and manufacturing sectors.
- There are primarily three types of emails that Zoom users should look out for.
Amid the COVID-19 crisis, Zoom has now become a new hub for cyber criminals, reports Times of India.
Zoom under attack by cyber criminals
Zoom has been in the middle of a security crisis lately. Riddled with bugs and security flaws, the video conferencing platform, whose user base shot up from 10 million back in December 2019 to 200 million in March 2020, has been deemed unsafe to use by several companies and even governmental agencies.
In addition to that, data of Zoom users has also been spotted being sold on the dark web for pennies. Now, Zoom users have a new threat to worry about.
Cyber security firm Proofpoint has observed a series of attacks wherein cyber criminals are targeting Zoom users via infected emails to steal account credentials, distribute malware, or harvest credentials for these spoofed video conferencing accounts.
The cyber security firm has identified three different types of emails being used to target users. Here are the details:
Email subject line: Zoom Account
As per the researchers of Proofpoint, these kinds of phishing emails include a lure that claims to welcome users to their new Zoom account, putting the new joiners at risk.
These emails appear to be coming from an admin account and include a link. The people who receive this email are urged to click on the link in order to complete the activation process of their Zoom account.
Clicking on this link will take users to a “generic webmail landing page” asking them to enter their credentials. This medium-sized campaign has targeted energy, manufacturing, and business services in the United States, claims the report.
Email subject line: Missed Zoom Meeting
In this case, as per the Proofpoint report, recipients get an email claiming that they have missed a Zoom meeting. The email also includes a link that the email says can be used to “Check your missed conference”.
Just as it was in the aforementioned case, the link will take the recipient to a “spoofed Zoom page and ask for their Zoom credentials.”
Even though this is a small-sized campaign, these types of emails have targeted transportation, manufacturing, technology, business services and aerospace companies in the United States.
Email subject line: [Company] Meeting cancelled – Could we do a Zoom call?
This is a malware campaign that was carried out over several days and seeks to distribute the ServLoader/NetSupport remote access Trojans, claims the Proofpoint report.
The email contains a thank you message for the recipient for their response to a fake RFQ (Request for Quotation). It also includes an attachment that appears to be about that discussion, and offers to have a call via Zoom.
If the recipient opens the attachment, they are prompted to enable macros and once the macros are enabled, a ServLoader PowerShell script gets executed, “which in turn will install the NetSupport, a legitimate remote-control application that threat actors abuse.”
This is also found to be a small campaign that has targeted energy, manufacturing, industrial, marketing/advertising, technology, IT and construction companies with ServLoader and the NetSupport remote access Trojans (RATs).
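For mail administrators, the three lures above can be turned into a triage rule. The following is an added example, not code from Proofpoint or Times of India: it matches the three subject lines and holds a message only when the lure comes with a link outside Zoom's domain or a macro-capable attachment. The trusted domain list, the extension list, the function names and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

LURES = {  # subject patterns for the three lures named in the article
    "account-activation": re.compile(r"\bzoom account\b", re.I),
    "missed-meeting": re.compile(r"\bmissed zoom meeting\b", re.I),
    "rfq-malware": re.compile(r"meeting cancell?ed\b.*\bzoom call\b", re.I),
}
TRUSTED = ("zoom.us",)  # assumption: zoom.us and its subdomains are genuine
MACRO_EXT = (".doc", ".docm", ".xls", ".xlsm")  # assumption: macro-capable types
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def off_domain_hosts(text):
    """Return link hosts that are not a trusted domain or one of its subdomains."""
    hosts = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in TRUSTED):
            hosts.append(host)
    return hosts

def triage(raw: bytes) -> dict:
    """Classify one raw message against the three lure types."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    lure = next((n for n, rx in LURES.items() if rx.search(subject)), None)
    body = msg.get_body(preferencelist=("html", "plain"))
    hosts = off_domain_hosts(body.get_content()) if body else []
    macros = [p.get_filename() for p in msg.iter_attachments()
              if (p.get_filename() or "").lower().endswith(MACRO_EXT)]
    # A Zoom-themed subject alone is normal traffic; the lure combined with an
    # off-domain link or a macro-capable attachment is what gets held.
    return {"lure": lure, "hosts": hosts, "macros": macros,
            "hold": bool(lure and (hosts or macros))}

def sample(subject, body, attachment=None):
    """Build a constructed message and serialize it as it would arrive."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "admin@sender.example", "user@corp.example", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="msword", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample("Zoom Account", "Activate: https://webmail-login.example/a")))
```

A genuine "Missed Zoom Meeting" notice that links only to zoom.us matches the lure but is not held, while a lookalike host such as `zoom.us.login.example` is.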
Source: Times of India