Zoom-Related Threats Up 2,000% During the COVID-19 Pandemic
In March 2020, the daily traffic of the download page of Zoom.us increased by 535%. The statistic came with more than 200 million daily Zoom meetings. On the other hand, malicious files with the Zoom theme jumped by 2000% in March as well. Zoom came into attention because of the COVID-19 pandemic, making millions of people work from home. That led to an increase in the use of video conferencing tools, such as Zoom. Some media outlets decided to describe Zoom as malware on some occasions, which isn't the case, but hackers using it to spread their threats made a lot of people wary of using the tool.
Table of Contents
Cybercriminals exploring popular trends during the pandemic
The trend is not surprising since the threat actors use this opportunity to feed on people's fears. Zoom, as well as other platforms, has seen an increase in traffic because of the pandemic. Even Microsoft's Teams video conferencing tool saw a spoof made that runs malicious activities in the background during work. That isn't surprising to most people working in cybersecurity since, despite some promises made by certain groups to avoid hitting healthcare and medical institutions, the promises weren't kept. The FBI warned users of a significant increase in COVID-19-related scams, as cyber-attacks hit a medical facility used to test COVID-19 vaccines.
This Week in Malware Ep 9: Telecommuters Returning to Office Post-Covid-19 See Spike in Ransomware
COVID-19 malware research uncovers thousands of Zoom phishing domains
Examples of malicious Zoom installers being bundled with cryptocurrency miners are seen in the wild, with those being used by criminals to maximize profit at the expense of people's fears. Security company Cyjax worked on publishing regular COVID-19 update briefings on cyber intelligence as part of the volunteer response to help healthcare organizations with security. Cyjax warned users that over 2000 new domains using Zoom in them were identified as used for phishing since the beginning of the pandemic. Cyjax also mentioned the automated Zoom meeting discovery tool, zWarDial allowed threat actors to find non-password protected Zoom meetings. The increase in phishing domains isn't surprising, as these are set to steal credentials or spread malware using exploit kits. Whenever companies make the news with vulnerabilities, it sometimes gives cybercriminals the chance to target them with phishing campaigns.
The Zoom tool isn’t malware, but criminals are targeting it
Zoom has been responding to the security and privacy issues, ones that it faces given the incredible increase in traffic and risks involved due to the attackers taking advantage of that. Their recent announcements have shown they are working on adding better meeting controls, removing meeting IDs from title toolbars, and stalling feature development to focus on security given the circumstances. Whether this curbs the issue and allows the platform to thrive in the coming months remains to be seen, but cybercriminals may likely keep up their phishing efforts.