Sunday, May 19, 2024

Tech News, analysis, updates, comments, reviews

Zoom’s 200 Million Users Are Facing A Serious New Threat

Late last year, the Zoom video conferencing platform was hosting 10 million users, and that figure has surged to 200 million today.

It’s a well-known fact that cyber-attackers always follow the money, so it’s no surprise that they are now targeting Zoom’s millions of users to try and persuade them to give away their log in credentials or download malware.

The cyber-criminals are attempting to do their worst via a very simple medium: Email. That’s according to cybersecurity researchers at Proofpoint, who have discovered a wave of “phishing” emails intending to steal Zoom credentials and spread malware.

The emails you need to look out for 

The attacks are targeting individuals and businesses in the transportation, government, telecommunications and manufacturing sectors, Proofpoint says.

There are three emails to look out for. The first has the subject line “Zoom Account” and includes a message welcoming new users to their account. However, attackers then encourage users to click on a link and activate their Zoom account by entering their login details–which the criminal will then steal.

The second email, which has the subject line “Missed Zoom Meeting,” informs you that you’ve just missed a Zoom meeting. Attackers then want you to click a link to “check your missed conference,” so you again enter your details which they can steal.


An example of a scam Zoom email.


The third scam discovered by Proofpoint is aimed at U.S. based users working in industries such as technology, accounting, aerospace, energy, healthcare, telecommunications, transportation, government, and manufacturing companies. It targets another popular video conferencing service Cisco WebEx. The Cisco WebEx scam reads: “Alert!” “Your account access will be limited!”

Attackers will then try to make you “update your WebEx” to fix a security vulnerability, by leading you to a phishing page.

Another small campaign targets energy, manufacturing industrial, marketing/advertising, technology, IT and construction firms with malware. With email subject lines including “Meeting cancelled – Could we do a Zoom call,” attackers are hoping users will help them gain access to their files and information including usernames, passwords and credit card data.

The risks, and what to do

Zoom is already under fire from users for privacy violations and for misleading claims about the platform being end to end encrypted, but it’s implementing measures to try and be better.

Zoom’s also suffered from vulnerabilities affecting users of operating systems including Windows and Mac OS–which have since been fixed.

This latest threat is not Zoom or the other target WebEx’s fault; it has simply happened because more users equals more people to try to attack.

“Video conferencing has become very popular very quickly,” Sherrod DeGrippo, Proofpoint’s senior director of Threat Research says.“Attackers have noticed and moved to capitalize on that popularity and brand strength.

“Not only are attackers using video conferencing brands as a lure for malware, but they’re using it for phishing, in particular to steal Zoom and WebEx credentials.”

So what are the risks? According to DeGrippo, stolen account credentials could be used to login to corporate video conferencing accounts. In addition: “They also could likely be sold on the black market or used to gain further information about potential targets for launching additional attacks.”

Phishing emails will continue to target any successful service or app, and the most effective way to prevent becoming a victim is to be aware and careful. Don’t click on links in emails without checking where they come from first.

Look for spelling errors and strange sender names, and avoid entering your credentials on a site via an email. Instead log into the app directly, and see if any action needs to be taken.


Please enter your comment!
Please enter your name here

Get notified whenever we post something new!


Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

On-Premises vs. Cloud Security

As usual, we begin by championing cybersecurity. It stands as the foremost concern for organizations striving to safeguard their sensitive data and digital assets. Among the many strategies available, two dominant paradigms have emerged: on-premises security and cloud security....

Regulation Insights from Starlink’s in Zimbabwe

In recent times, the journey of Starlink, Elon Musk's ambitious satellite internet venture under SpaceX, has been marked by regulatory challenges, particularly in Zimbabwe. Meanwhile the Posts and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) issued a directive instructing Starlink...

How to Make the Internet More Safer – My Take

If you a follower of this blog, you already know our obsession with #cybersecurity. We believe in a safe Internet for all. We also believe that there is enough room, resources, and will for all of us to co-exist...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.