Researchers are Noticing Major Increase in Zoom-Related Domain Registrations

Cybercriminals are now setting up fake Zoom domains, attempting to take advantage of the global pandemic to scam users. Threat actors now target the video conferencing tool, which people use to connect with colleagues, family and friends, as part of their operations.

Check Point researchers spotted an increase in domains bearing 'Zoom' in their names over the last few weeks. Since January 2020, more than 1700 new domains with a Zoom theme were registered across the world. Over 400 domains of that kind were registered within a week alone. Many of those domains were registered by companies bearing similar names, or are domains with similar and relevant content.

Some of the domains, however, were of suspicious origin. Researchers reached that conclusion based on the registration date and the registrant of each domain, the IP address on which it resided, the files related to it, and other details.
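A defender can apply the same kinds of signals to a feed of newly registered domains. The sketch below is an added example, not Check Point's method or code: the record fields, the scoring, the character substitutions and the sample data are all assumptions made for illustration.

```python
from datetime import date

BRAND = "zoom"
OWN_DOMAINS = {"zoom.us"}          # assumption: vendor domains to skip
WINDOW_START = date(2020, 1, 1)    # the article's "since January 2020"
# Undo simple substitutions such as z00m or zo-om before matching.
LOOKALIKE = str.maketrans({"0": "o", "-": None})

def registrable(domain):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def brand_hit(domain):
    """Return 'exact', 'lookalike' or None for the brand string in a domain."""
    name = domain.lower().rstrip(".")
    if registrable(name) in OWN_DOMAINS:
        return None
    if BRAND in name:
        return "exact"
    return "lookalike" if BRAND in name.translate(LOOKALIKE) else None

def triage(records, bad_ips):
    """Return (score, domain, reasons), highest score first, for analyst review."""
    out = []
    for r in records:
        hit = brand_hit(r["domain"])
        if hit is None:
            continue
        reasons = ["brand-in-name"]
        if hit == "lookalike":
            reasons.append("character-substitution")
        if r["created"] >= WINDOW_START:
            reasons.append("recently-registered")
        if r["ip"] in bad_ips:
            reasons.append("ip-on-blocklist")
        out.append((len(reasons), r["domain"], reasons))
    return sorted(out, key=lambda t: (-t[0], t[1]))

# Constructed sample feed (reserved .example names, documentation IP ranges).
SAMPLE = [
    {"domain": "zoom-meeting-join.example", "created": date(2020, 3, 20), "ip": "192.0.2.10"},
    {"domain": "z00m-login.example", "created": date(2020, 3, 25), "ip": "198.51.100.7"},
    {"domain": "zoomlens-photo.example", "created": date(2014, 6, 1), "ip": "203.0.113.5"},
    {"domain": "support.zoom.us", "created": date(2020, 3, 1), "ip": "203.0.113.9"},
]
BAD_IPS = {"198.51.100.7"}  # constructed blocklist entry

if __name__ == "__main__":
    for score, domain, reasons in triage(SAMPLE, BAD_IPS):
        print(score, domain, ", ".join(reasons))
```

A name match alone scores lowest because, as noted above, many Zoom-themed domains belong to companies with similar names; the score only orders the queue for human review.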

Zoom appears to be one of the most targeted apps, but it is not the only communications and video conferencing app attackers are going after. These apps have been used in scams and phishing attempts in recent weeks, as criminals take advantage of people's fears in this trying time.

The goal of creating these websites appears to be tricking users into sharing account details, banking data or personal information.

Multiple security vendors have been reporting a surge in attacks related to the COVID-19 pandemic since the beginning of 2020. The attacks target the increasing number of people working from home because of the social distancing rules in place. Threat actors are exploiting the situation with phishing campaigns, business email targeting, and account takeovers.

Commonly used cybercriminal tactics

One of the more frequently used ways of approaching potential victims was to manipulate them into downloading and installing fake VPN installers. Those end up connecting users to malicious websites, where malware is downloaded.

Another tactic used by threat actors is spam campaigns built on COVID-19-themed phishing emails. Those emails claim to come from the US Centers for Disease Control and Prevention (CDC) or other authorities, such as the World Health Organization (WHO).

The sudden increase in the use of videoconferencing and communication tools means elevated privacy concerns for individuals and companies. Zoom recently announced it is removing the 'Login with Facebook' feature, which allowed iOS users to access the tool with their Facebook accounts. The company said the step was taken because the Facebook software development kit used in the login was collecting too much information.

Zoom said the privacy of its customers is essential to the company, so it decided to remove the Facebook SDK.

Security vendor Armor said cybercriminals were attempting to exploit concerns over the pandemic in other ways. Researchers found that cybercrime websites selling illegal drugs were trying to profit by offering surgical masks, N95 masks, and chloroquine at massively increased prices.
