Since Zoom became one of the primary ways people communicate, hackers have started sharing and selling stolen account credentials.

found that cybercriminals are selling and trading the credentials for more than 500,000 Zoom accounts associated with companies like Chase and Citibank as well as schools like Dartmouth College, the University of Florida, and the University of Vermont. 

BleepingComputer’s Lawrence Abrams wrote that the account details, which were taken through previous credential stuffing attacks, are posted on a number of dark web sites and hacker forums after they are sorted through and put into lists. Abrams spoke with cybersecurity intelligence firm Cyble, which tried to warn victims after buying about 530,000 Zoom login details for about $0.0020 per account through a hacker forum. Cyble researchers told Abrams that the accounts they bought came with the email address, password, personal meeting URL, and HostKey of each victim.

Hackers use these account credentials for nefarious uses as well as juvenile ones, including the recent trend of Zoom bombing, which has been reported by schools, governments and businesses. Now that millions of organizations are using Zoom and other video conferencing platforms to conduct all kinds of business, cybercriminals have shown increased interest in login details or potential vulnerabilities that can be exploited.

“Credential stuffing is a popular attack technique, as people often tend to reuse the same password across different services. It is why it’s important that we continually provide security awareness and training to all employees so that they can make better risk-based decisions. This includes not reusing passwords and enabling two-factor authentication where it is available,” said Javvad Malik, security awareness advocate with KnowBe4.

Earlier this month, a report from cybersecurity firm IntSights by cyber threat analyst Charity Wright and chief security officer Etay Maor found that there has been increased chatter across the dark web about ways to take advantage of the increased usage of Zoom globally. 

Maor and Wright said that since January, hackers have been looking into ways they can manipulate and take advantage of Zoom, knowing that more people are out there using the platform and making mistakes. 

Using credentials stolen years ago, cybercriminals are able to exploit the recent spike in usage by reusing old login information to gain access to accounts, where they can disrupt or deface meetings and even steal valuable information.

“Had Zoom prioritized data security in the early days, they would not be taking this tremendous hit to their reputation now that the service has become uber-popular. Many government agencies are now requiring employees and contractors to remove the Zoom app from managed laptops and mobile devices,” Bohls said. “I foresee Zoom having real problems selling into enterprise and government sectors for quite some time.”

Zoom’s ease of use is part of what has catapulted it into dominance of the video conferencing sphere, but recent issues related to security have led to a number of institutions outright banning the use of Zoom entirely. The New York City Department of Education banned the use of Zoom, writing in an internal memo on April 3 that teachers were no longer allowed to use the platform at all. New York City has the biggest public education system in the country, serving 1.1 million students.

Other schools and businesses across the world have begun to ban employees and students from using Zoom out of concern for security. 

Irfahn Khimji, certified information systems security professional at Tripwire, said that as more and more users turn to teleconferencing, some basic hygiene principles should be kept in mind for all platforms, including Zoom.  

“Users need to be wary of reusing passwords and try to use a password manager so that unique, long, complex passwords can be used for each site that they log into. This will prevent attackers from logging into multiple sites if the user’s credentials are compromised. When possible, ensuring multi-factor authentication is enabled on each of their accounts is also very important,” Khimji said.

“Furthermore, organizations should take this opportunity to visit their own security controls to ensure they are adequately deployed. A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets is. All organizations should use this as a wake-up call to ensure that security is not just a check box for compliance.”