This report is the third in our series of reports around developing cyber threats concerning COVID-19.
As businesses and social users increasingly adopt video conferencing solutions, there have been rising numbers of reports of malicious behaviour affecting these platforms. There has been a recent increase in the registration of domains using keywords associated with video-conferencing platforms. Malware using the names of these services has also been observed. This indicates a renewed interest from cybercriminals wishing to use these domains and filenames in phishing and malware campaigns.
“Zoom-bombing” is when Zoom video conferences are attended by uninvited participants who can eavesdrop on conversations, or share unwanted and inappropriate material. Businesses should be aware of controls which prevent unwanted visitors, such as mandating private, password-protected, unique spaces for each meeting and screening new entrants. A vulnerability discovered in the Zoom Windows software has also presented the possibility that users’ passwords could be unintentionally leaked. Mitigations are provided in the report and our associated Zoom security “Cheat Sheet”.
There have been newly-reported malicious email campaigns exploiting users’ interests in financial compensation schemes for individuals and businesses as the economic realities of the pandemic bite. Businesses and employees should be made aware of the diverse nature of these campaigns to avoid falling victim. As expected, phishing attacks have continued to use the lure of COVID-19-related information to deceive users into engaging with phishing, malware and fraud.
Malicious domains containing COVID-19-related keywords have been observed daily since the early stages of the outbreak. These domains have been used in phishing, malware distribution, the sale of counterfeit protective equipment and for spreading misinformation. Some US domain registrars have responded to calls from the New York Attorney General by taking steps to reduce risks from bad domains, such as removing the availability of certain domain names or carrying out manual reviews. Despite these assurances, there is limited evidence of a significant slowdown in the registration of bad domains. Cybersecurity teams should proactively block domains where there is high confidence they are bad.