After the data of Users been spotted being sold on the dark web for pennies, Now, Zoom users have a new threat to worry about.
Cybersecurity firm Proofpoint has observed a series of attacks wherein cybercriminals are targeting Zoom users via infected emails to steal account credentials, distribute malware, or harvest credentials for these spoofed video conferencing accounts.
Zoom has become an integral part of most of the people working from home, it has also become quite a favorite with cybercriminals.
As per a report by enterprise security company Proofpoint, hackers are trying to target the more than 200 million daily user base of the video conferencing tool through emails. The report details that there are primarily three types of emails that Zoom users should look out for.
The cybersecurity firm uses three different types of emails to target users. Here are the details:
In the first attack, cybercriminals target energy, manufacturing industry, marketing/advertising, technology, IT and construction companies with ServLoader and the NetSupport remote access Trojans (RATs).
Hackers send a thanks message to the victim thanking them for their response to a fake Request for Quotation. This email contains a subject line which says — [Company] Meeting canceled – Could we do a Zoom call; or [Company] – I won’t make it to Arizona – Could we talk over Zoom?; or The [Company] – I won’t make it to Tennessee – Can we talk over Zoom?’; or The [Company] Meeting canceled – Should we talk over Zoom?” and it includes an attachment that purports to be about that discussion. It offers to have a call via Zoom to discuss the matter.
In the second attack, hackers targeted energy, manufacturing, and business services in a bid to steal user credentials.
In this attack, victims get an email from a purported admin account with a subject line of “Zoom Account”. The message body, as per the cybersecurity firm, includes a “lure that welcomes users to their new Zoom account and contains a link, which the recipient is urged to click in order to activate their Zoom account.” When victims click the link, they are taken to a generic webmail landing page and asked to enter their credentials.
In the third attack, malicious actors use Cisco’s Webex to target victims. According to Proofpoint, hackers target technology, accounting, aerospace, energy, healthcare, telecommunications, transportation, government, and manufacturing companies. They also target another video conferencing app Webex for harvesting users’ account details.
These emails come from addresses such as — “cisco@webex[.]com” and “meetings@webex[.]com” and they use subject lines such as — “Critical Update!” or “Alert!” or “Critical Update!”, “Your account access will be limited!” or “Your account access will be limited in 24h.” or “Your account access will be limited!” to target users.