Zoom is one of the fastest-growing video conferencing services, with more than 200 million users. For some time, however, news has been emerging about security problems and vulnerabilities affecting the service. Recently, one more threat to Zoom users has been spotted: hackers are using credential phishing emails to obtain users' Zoom account details. According to the report, the hackers are targeting individuals and businesses in the transportation, manufacturing, technology, and aerospace sectors in the US.
Due to the coronavirus pandemic, offices, schools, and other organizations have shifted to video conferencing to communicate, which has greatly increased the user base of services like Zoom.
Proofpoint published an analysis stating that it found credential phishing being used to obtain users' account details. In phishing, the attacker deceives users and lures them into handing over their account details.
The report says that hackers are using emails to target many sectors in the US. The email appears to come from an admin account such as Rouncube Admin or admin@servewebteam[.]gq, and its subject line is "Zoom Account". The body welcomes the user to Zoom and includes a link to activate the account. The link redirects the user to a generic webmail landing page that asks the user to enter their credentials.
Proofpoint found another phishing email that tries to lure Zoom users with a missed-meeting message. This email says that the user has missed a Zoom meeting and provides a link through which the user can check the missed conference call. Clicking the link redirects the user to a Zoom page that looks official but is not. Proofpoint said that it is a spoofed Zoom page. The page asks the user to enter their credentials.
A small campaign targeting manufacturing, industrial, marketing/advertising, technology, IT, and construction companies tries to infect users with the ServLoader/NetSupport remote access Trojans. The email thanks the recipient for replying to a fake RFQ (Request for Quotation) and offers a Zoom call. The emails use different subject lines, such as "[Company] Meeting canceled – Could we do a Zoom call", "[Company] – I won’t make it to Arizona – Could we talk over Zoom?", "The [Company] – I won’t make it to Tennessee – Can we talk over Zoom?" and many more.
A large agricultural firm received an attachment that asked the recipient to enable macros, after which a ServLoader PowerShell script runs. The script then installs NetSupport, a remote-control application.
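For mail-gateway or mailbox triage, the sender domain and subject lines described above can be turned into a simple check. The following Python sketch is an added example, not code from Proofpoint or Zoom; the sample messages are constructed, and treating `zoom.us` as the only genuine Zoom link domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators as reported on this page; the domain is stored defanged.
LURE_SENDER_DOMAIN = "servewebteam[.]gq".replace("[.]", ".")
SUBJECT_PATTERNS = [
    re.compile(r"^\s*zoom account\s*$", re.I),
    re.compile(r"could we do a zoom call", re.I),
    re.compile(r"(could|can) we talk over zoom", re.I),
]
ZOOM_DOMAIN = "zoom.us"  # assumption: genuine Zoom links sit under zoom.us
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def triage(raw_message):
    """Return the reasons a plain-text message matches the described lures."""
    msg = message_from_string(raw_message)
    reasons = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain == LURE_SENDER_DOMAIN:
        reasons.append("sender-domain")
    subject = msg.get("Subject", "")
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        reasons.append("subject-lure")
    body = msg.get_payload()
    if isinstance(body, str) and "zoom" in (subject + body).lower():
        # Zoom-themed mail whose links leave zoom.us: activation or missed-meeting lure.
        for url in URL_RE.findall(body):
            host = (urlsplit(url).hostname or "").lower()
            if host != ZOOM_DOMAIN and not host.endswith("." + ZOOM_DOMAIN):
                reasons.append("off-domain-link:" + host)
    return reasons

# Constructed sample messages (not real mail); hosts use reserved test names.
SAMPLES = [
    "From: Rouncube Admin <admin@" + LURE_SENDER_DOMAIN + ">\n"
    "Subject: Zoom Account\n\n"
    "Welcome to Zoom. Activate your account: http://webmail.example.test/activate\n",
    "From: Buyer <buyer@supplier.example>\n"
    "Subject: Acme Meeting canceled - Could we do a Zoom call\n\n"
    "Thank you for replying to our RFQ. Please see the attachment.\n",
    "From: IT <it@corp.example>\n"
    "Subject: Weekly sync\n\n"
    "Join at https://corp.zoom.us/j/0000000000\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

The subject patterns only cover the wording quoted on this page, so a hit is a reason to inspect the message and its attachments rather than a verdict.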
People who use video conferencing as a means of communication should know that threats to their privacy and security are increasing. The latest threat is not the result of a mistake on Zoom's part.