As the coronavirus has been declared a pandemic, people are urged to stay at home and work from home. As a result, many employees utilize VPNs and communication apps more than they have ever before.
Among the apps that have been proven useful for them, is the Zoom app, which is a cloud-based collaboration tool for enterprise provides a remote conferencing service that combines video conferencing, online meetings, chat, and mobile collaboration.
The software has surged in usage significantly. Its download page experienced a staggering 535% rise in daily traffic, and the service has added roughly 2.22 million new users in just three months alone.
This is a massive increase, considering that in the whole 2019, it only added 1.99 million new users.
But that comes with consequences, as the company wasn't ready for that huge traffic.
With more people using the app, hackers are trying to find zero-days vulnerabilities or other weaknesses in the software. And here, security flaws were discovered, one after another, with Zoom's mess practically haunting people right in their own home.
Zoom has taken steps after seeing an increase number of Zoombombing, by taking down its videoconferencing feature. But the move was a bit too late.
Two security firms discovered thousands of usernames and passwords for Zoom accounts for sale on dark web forums.
In the first incident, threat-intelligence provider IntSights said that a cybercriminal posted a database on the dark web containing more than 2,300 Zoom users' usernames and passwords. The credentials could be used for denial-of-service attacks, as well as potentially for eavesdropping and social engineering.
"If the attacker can identify the person whose account he has taken over — and that doesn't take too much time, just use Google and LinkedIn — then the attacker can potentially impersonate that person and set up meetings with other company employees," said Etay Maor, chief security officer for IntSights.
"This can be used for business email compromise [BEC] types of attacks, where the attacker can impersonate a person in the company and ask to move money. It can also lead to asking people to share files and credentials over the Zoom chat."
In a second incident, a cybercriminal posted more than 350 Zoom account credentials to an online forum, with several of the accounts belonging to educational institutions, small businesses, and at least one healthcare firm. The intent of the publication was to allow pranksters to disrupt video calls, according to an explanation by security-intelligence firm Sixgill.
Sixgill said the database contains email addresses, passwords, meeting IDs, host keys and names, and the type of Zoom account. Most were personal, but not all.
And lastly, Researchers at the cybersecurity firm Cyble said they found upwards of 500,000 Zoom accounts that are on sale on hacker forums and dark web forums. All that are on sale for $0.0020 each. It was also said that the researchers found some accounts that were simply being given away to enable "Zoombombing" attacks.
As more people are moving their work to the internet, attackers and security researchers have started testing the applications and services that people use most often.
And Zoom here is considered one of the worse.
In addition to pranking Zoom users, attackers are also unleashing phishing attacks incorporating coronavirus- and pandemic-related topics to lure employees using Zoom into clicking on links.
Here, the attackers have increasingly targeted virtual private networks (VPNs) and remote desktop protocol (RDP) services to exploit employees working from insecure home environments.
Attackers are also using tools such as OpenBullet, a scanning suite for Web applications, originally designed for penetration testers and red teams to find valid Zoom meeting IDs.
"Researchers have already reported about multiple vulnerabilities in these tools," Maor wrote in a blog post. "Unfortunately, some users ignore even the most basic security measures, like securing online meetings with passwords or pin codes – or even publicly showing their meeting ID, as seen in the case of the British government – which in turn allow attackers to take advantage of the situation."
While the companies are patching the issues as soon as they can, damages have been done because the hackers have managed to get hold of the data of those unfortunate Zoom users.
Read: VPN Usage Skyrocketed Since Coronavirus Outbreak And Pandemic