With the COVID-19 pandemic, organizations across the world directed their employees to work from home as part of social distancing and to prevent the spread of the virus. On the flip side, opportunistic cybercriminals are taking advantage of the situation. Hackers have now set their sights on the global workforce working from home. Several industry experts stated that remote work has increased the risk of cyberthreats like never before. We continue to see malware attacks, weaponized websites, and phishing attacks designed to trick people into opening malicious links or attachments.
With the majority of employees working remotely, online communication platforms like Zoom saw a sudden increase in popularity. According to a report from Check Point, hackers are taking advantage of the rise in Zoom usage by registering fake and malicious Zoom domains. The report stated that around 1,700 new Zoom domains have been registered since the pandemic, with 25% of the domains registered in the past seven days alone.
Zoom is a cloud-based enterprise communication platform with over 74,000 customers and 13 million active users. It offers chat, audio, video conferencing, and options to host webinars and virtual meetings online.
In addition, Check Point also detected malicious files named “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe”. Downloading or running these files leads to the installation of the malicious file “InstallCore PUA” on the victim’s device, which could lead to additional malicious software installations.
Coronavirus-themed Domains 50% More Malicious Than Other Domains
Based on Check Point’s Threat Intelligence Report, there are over 4,000 coronavirus-related domains registered globally, of which 3% (approximately 120 domains) were found to be malicious and an additional 5% (200 domains) are suspicious. The report stated that coronavirus-related domains are 50% more malicious than other domains registered in the same period.
Check Point also recommended a few tips to help users protect against attacks. These include:
- Be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts
- Don’t open unknown attachments or click on links within the emails
- Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders
- Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page
- Prevent zero-day attacks with a holistic, end-to-end cyber architecture
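For defenders who want to automate the lookalike-domain tip and watch for the file names mentioned above, the following is an added example, not code from Check Point or from the original article. It assumes an allow-list of genuine Zoom domains (`zoom.us`, `zoom.com`), assumes each `#` in the reported file names stands for one letter or digit, and uses constructed sample input.

```python
import re

# Assumption: domains the organisation accepts as genuine Zoom hosts.
ALLOWED = {"zoom.us", "zoom.com"}

# File names quoted in the article; '#' is assumed to be one letter or digit.
REPORTED_NAMES = [
    "zoom-us-zoom_##########.exe",
    "microsoft-teams_V#mu#D_##########.exe",
]
NAME_RES = [
    re.compile("".join("[0-9A-Za-z]" if c == "#" else re.escape(c) for c in p), re.I)
    for p in REPORTED_NAMES
]

# Undo common digit-for-letter swaps before searching for the brand string.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def is_allowed(host):
    """True only if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED)


def classify_host(host):
    """Return 'allowed', 'lookalike' or 'unrelated' for a host name."""
    if is_allowed(host):
        return "allowed"
    folded = host.lower().translate(SWAPS).replace("-", "")
    return "lookalike" if "zoom" in folded else "unrelated"


def matches_reported_name(path):
    """True if the file name part of path fits a reported pattern."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return any(r.fullmatch(base) for r in NAME_RES)


if __name__ == "__main__":
    # Constructed sample input: hosts from a proxy log and downloaded files.
    hosts = ["us02web.zoom.us", "zoom.us.example.net", "z00m-meeting.example",
             "notzoom.us", "example.org"]
    files = ["zoom-us-zoom_1234567890.exe", "ZoomInstaller.exe"]
    for h in hosts:
        print(f"{h:28} {classify_host(h)}")
    for f in files:
        print(f"{f:28} reported-pattern={matches_reported_name(f)}")
```

A "lookalike" result is a prompt for review, not a verdict: legitimate third-party sites can also contain the string "zoom".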