Malicious, racist and even pornographic attacks have stepped up recently as the popular video conferencing app Zoom has been hacked by cybercriminals, using a practice called “zoombombing.”
As millions of Americans change the way they do business with stay-at-home orders due to the novel coronavirus pandemic, apps like Zoom Video Communications Inc. (Nasdaq: ZM) have exploded in popularity.
In fact, the company said the number of users reached more than 200 million in March, up from just 10 million at the end of December 2019.
That has presented cybercriminals and hackers with an interesting opportunity.
The Federal Bureau of Investigation issued a warning Wednesday about hackers conducting “malicious activities” by dropping in uninvited to Zoom calls to eavesdrop and use racial slurs and even pornographic images to disrupt meetings.
It already has a name: “zoombombing.”
“Malicious cyber actors are looking for ways to exploit telework software vulnerabilities in order to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activities,” the FBI said in a statement.
In a blog post, Zoom said there were things you can do to avoid being “zoombombed.”
- Never give up control of your screen.
- Only allow signed-in users to join your meeting.
- Lock your meeting after it starts to prevent new participants from joining.
- Disable video.
- Mute participants or put them on hold.
- Turn off file transfer and annotations.
- Disable private chat.
Shares of Zoom were down 4.1% in midday trading Thursday.
Zoom Hacked in Other Ways
Another way cybercriminals have hacked Zoom is by creating fake domains to imitate the conferencing platform.
According to cybersecurity company Check Point Software Technologies Ltd. (Nasdaq: CHKP), more than 1,700 new domains have been registered since January 2020 with names including “Zoom.” Almost 25% of those have been created in the last week.
The FBI said the links appear to “come from legitimate telework software vendors.” These sites are created to phish for personal information or to gain unwanted access to your computer.
Zoom Isn’t Alone in Being Targeted
Check Point also said that sites like Google Classroom — usage of which has also spiked with schools closed around the country — have also been targeted.
The official classroom.google.com website has been impersonated by malicious sites like googloclassroom and googieclassroom.
“Additionally, we have detected malicious files with names such as ‘zoom-us-zoom_##########.exe’ and ‘microsoft-teams_V#mu#D_##########.exe’ (# representing various digits),” Check Point said. “The running of these files leads to an installation of the infamous InstallCore PUA on the victim’s computer which could potentially lead to additional malicious software installation.”
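The lookalike names above differ from the real service by a single character, which is easy to miss by eye but simple to check in code. The following Python example is added here for illustration and is not from the FBI, Check Point or Zoom. It assumes a small allowlist of official hosts (zoom.us and classroom.google.com), brand tokens derived from them, hypothetical function names, and constructed sample hostnames under the reserved `.example` TLD.

```python
import re

# Assumption: hosts this organization treats as official; extend as needed.
OFFICIAL = {"zoom.us", "classroom.google.com"}
# Assumption: brand tokens to look for inside a single DNS label.
BRANDS = ("zoom", "googleclassroom")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'official', 'unrelated' or a 'lookalike: ...' reason."""
    host = host.lower().rstrip(".")
    if host in OFFICIAL or any(host.endswith("." + o) for o in OFFICIAL):
        return "official"
    # Official name used as a leading subdomain of some other domain.
    if any(host.startswith(o + ".") or "." + o + "." in host for o in OFFICIAL):
        return "lookalike: official host embedded as subdomain"
    for label in host.split("."):
        squashed = re.sub(r"[^a-z0-9]", "", label)  # drop hyphens etc.
        for brand in BRANDS:
            if brand in squashed:
                return "lookalike: contains '%s'" % brand
            # Near-miss spelling; skipped for short brands to limit noise.
            if len(brand) >= 6 and 0 < edit_distance(squashed, brand) <= 2:
                return "lookalike: near-match of '%s'" % brand
    return "unrelated"

if __name__ == "__main__":
    # Constructed samples; the TLD is a placeholder, not from the article.
    for h in ("classroom.google.com", "googloclassroom.example",
              "googieclassroom.example", "zoom-login.example",
              "classroom.google.com.signin.example", "intranet.example"):
        print("%-40s %s" % (h, classify(h)))
```

A "lookalike" result is a prompt for review rather than proof of malice, since legitimate third-party sites can also contain a brand name.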
How to Protect Yourself and Your Organization
The FBI said there are several ways you can protect yourself and your business from these cyber attacks, like “zoombombing.”
Here’s what you should do:
- Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
- Restrict access to remote meetings, conference calls, or virtual classrooms, including the use of passwords if possible.
- Beware of social engineering tactics aimed at revealing sensitive information. Make use of tools that block suspected phishing emails or allow users to report and quarantine them.
- Beware of advertisements or emails purporting to be from telework software vendors.
- Always verify the web address of legitimate websites or manually type it into the browser.
Here’s what you shouldn’t do:
- Share links to remote meetings, conference calls or virtual classrooms on open websites or open social media profiles.
- Open attachments or click links within emails from senders you do not recognize.
- Enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) unless absolutely needed.
If you believe you or your company has been victim to a cyberattack, the FBI said to file a complaint with its Internet Crime Complaint Center at www.ic3.gov.
Editor’s note: Zoom Video Communications was one of the work-from-home stocks to buy amid the coronavirus outbreak.