Dark web: Cybercriminals sell over 500,000 Zoom accounts

Since Zoom became one of the primary ways people communicate, hackers have started sharing and selling stolen account credentials.

A new report from BleepingComputer found that cybercriminals are selling and trading the credentials for more than 500,000 Zoom accounts associated with companies like Chase and Citibank as well as schools like Dartmouth College, the University of Florida, and the University of Vermont. 

BleepingComputer's Lawrence Abrams wrote that the account details, which were taken through previous credential stuffing attacks, are posted on a number of dark web sites and hacker forums after they are sorted through and put into lists. Abrams spoke with cybersecurity intelligence firm Cyble, which tried to warn victims after buying about 530,000 Zoom login details for about $0.0020 per account through a hacker forum. Cyble researchers told Abrams that the accounts they bought came with the email address, password, personal meeting URL, and HostKey of each victim.

Hackers use these account credentials for nefarious uses as well as juvenile ones, including the recent trend of Zoom bombing, which has been reported by schools, governments and businesses. Now that millions of organizations are using Zoom and other video conferencing platforms to conduct all kinds of business, cybercriminals have shown increased interest in login details or potential vulnerabilities that can be exploited.

"Credential stuffing is a popular attack technique, as people often tend to reuse the same password across different services. It is why it's important that we continually provide security awareness and training to all employees so that they can make better risk-based decisions. This includes not reusing passwords and enabling two-factor authentication where it is available," said Javvad Malik, security awareness advocate with KnowBe4. 

Earlier this month, a report from cybersecurity firm IntSights by cyber threat analyst Charity Wright and chief security officer Etay Maor found that there has been increased chatter across the dark web about ways to take advantage of the increased usage of Zoom globally. 

Maor and Wright said that since January, hackers have been looking into ways they can manipulate and take advantage of Zoom, knowing that more people are out there using the platform and making mistakes. 

Using credentials stolen years ago, cybercriminals are able to exploit the recent spike in usage by reusing old login information to gain access to accounts, where they can disrupt or deface meetings and even steal valuable information.

Josh Bohls, CEO and founder of security company Inkscreen, said the problem underscores the importance of products and services that are built with security in mind from the very beginning. 

"Had Zoom prioritized data security in the early days, they would not be taking this tremendous hit to their reputation now that the service has become uber-popular. Many government agencies are now requiring employees and contractors to remove the Zoom app from managed laptops and mobile devices," Bohls said. "I foresee Zoom having real problems selling into enterprise and government sectors for quite some time." 

Zoom's ease of use is part of what has catapulted it into dominance of the video conferencing sphere, but recent security issues have led a number of institutions to ban Zoom outright. The New York City Department of Education banned the use of Zoom, writing in an internal memo on April 3 that teachers were no longer allowed to use the platform at all. New York City has the biggest public education system in the country, serving 1.1 million students.

Other schools and businesses across the world have begun to ban employees and students from using Zoom out of concern for security. 

Malik said all providers should make two-factor authentication available and enabled by default wherever possible. He added that more decisive strategies that can be implemented include the use of behavioral analytics to detect new or unusual login attempts, as well as using threat intelligence gleaned from password dumps to prevent users from reusing previously breached passwords.
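The two controls described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor it names; the breach corpus, the event tuples, the thresholds, and the function names `is_breached` and `stuffing_sources` are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed breach corpus. SHA-1 is only a lookup key for dump entries here,
# never a format for storing live passwords.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Summer2019!", "qwerty123", "zoom1234")}

def is_breached(password):
    """True if a candidate password already appears in a known dump."""
    return hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1

# Constructed auth events: (epoch seconds, source IP, account, outcome).
EVENTS = [
    (1000, "203.0.113.7", "alice@example.edu", "fail"),
    (1010, "203.0.113.7", "bob@example.edu", "fail"),
    (1020, "203.0.113.7", "carol@example.edu", "fail"),
    (1030, "203.0.113.7", "dave@example.edu", "ok"),
    (1040, "203.0.113.7", "erin@example.edu", "fail"),
    (1005, "198.51.100.20", "frank@example.edu", "fail"),  # one user mistyping
    (1015, "198.51.100.20", "frank@example.edu", "ok"),
    (1000, "192.0.2.50", "gina@example.edu", "ok"),        # shared office NAT
    (1060, "192.0.2.50", "hal@example.edu", "ok"),
    (1120, "192.0.2.50", "ivy@example.edu", "ok"),
    (1180, "192.0.2.50", "jo@example.edu", "ok"),
]

def stuffing_sources(events, window=300, min_accounts=4, min_fail_ratio=0.75):
    """Flag IPs that try many distinct accounts, mostly failing, inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, account, outcome in sorted(events):
        by_ip[ip].append((ts, account, outcome))
    flagged = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            span = rows[start:end + 1]
            accounts = {a for _, a, _ in span}
            fails = sum(o == "fail" for _, _, o in span)
            if len(accounts) >= min_accounts and fails / len(span) >= min_fail_ratio:
                # Any success from a flagged source is a likely takeover.
                flagged[ip] = {
                    "accounts_tried": len({a for _, a, _ in rows}),
                    "compromised": sorted({a for _, a, o in rows if o == "ok"}),
                }
                break
    return flagged
```

The failure-ratio threshold is what keeps the shared NAT address, where four different users all log in successfully, from being flagged alongside the stuffing source.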

Irfahn Khimji, certified information systems security professional at Tripwire, said that as more and more users turn to teleconferencing, some basic hygiene principles should be kept in mind for all platforms, including Zoom.  

"Users need to be wary of reusing passwords and try to use a password manager so that unique, long, complex passwords can be used for each site that they log into. This will prevent attackers from logging into multiple sites if the user's credentials are compromised. When possible, ensuring multi-factor authentication is enabled on each of their accounts is also very important," Khimji said. 

"Furthermore, organizations should take this opportunity to visit their own security controls to ensure they are adequately deployed. A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets is. All organizations should use this as a wake-up call to ensure that security is not just a check box for compliance."

Illustration: Lisa Hornung, Getty Images/iStockPhoto