Hackers are using a new malware, IcedID, to steal banking information from Zoom users through a convincing fake website. Experts warn users to scrutinize domain names and invest in cybersecurity training and tools to protect against malware attacks. Outsourcing cybersecurity needs to professionals can also provide added protection.
Zoom entered the public consciousness during the COVID-19 pandemic of 2020. The video conferencing app saw a meteoric rise from a mere 10 million meeting participants in December 2019 to over 300 million.
The increased popularity and usage of Zoom have attracted the attention of hackers, who now target users with new malware to steal banking information. A team of cybersecurity experts from Cyble Research & Intelligence Labs recently identified the malware and created awareness for users to protect themselves.
According to security experts, cyber criminals are using malware called IcedID to run a phishing campaign that collects sensitive banking information. The banking trojan allows hackers to:
At its core, the malware steals private banking credentials. However, its ability to install additional, potentially harmful software that lets hackers cause further damage makes it more dangerous. Once the IcedID malware downloads additional modules and delivers other malware families, it becomes difficult for the affected user to get rid of it.
Typically, hackers would spread the trojan using emails with malicious attachments. However, hackers took a unique approach in this phishing campaign and created a decoy website to lure users into downloading the malware.
The Zoom hackers published a highly convincing phishing website called explorezoom.com that looked like a legitimate Zoom page and lured users into downloading the IcedID trojan. Whenever users click the download button on that page, they are prompted to get a Zoom installer file called ZoomInstallerFul.exe. The file then downloads both the actual Zoom application and the IcedID malware to the users’ computers.
The number of fake websites posing as well-known brands has spiked recently, especially since remote work became standard due to COVID-19. The approach makes sense because people are more likely to click a fraudulent link or share sensitive information if they believe they’re on the website of a well-known and trusted brand.
With increased internet usage, it’s easy to see how a well-constructed decoy site can fool many users who give it only a quick glance. Today, hackers can design a website to replicate a popular brand and register a legit domain. If you’re not careful, you can get duped into trusting it as the official site.
Your best approach is to act carefully with the websites you view. While the domains might look alike, you’ll spot the discrepancy if you look closer.
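The check described here can be automated. The sketch below is an added example, not code from the research the article cites; the allowlist of official domains, the function names and the sample links are assumptions made for illustration. It treats a link as official only when its hostname is an allowlisted domain or a subdomain of one, and flags any other host that embeds the brand name.

```python
from urllib.parse import urlsplit

# Assumption: the brand's real domains; maintain this allowlist yourself.
OFFICIAL = {"zoom.us", "zoom.com"}
BRAND = "zoom"
# Digits commonly swapped in for letters in lookalike names (0->o, 1->l, 3->e, 5->s).
DIGIT_SWAPS = str.maketrans("0135", "oles")

def host_of(url):
    """Lower-cased hostname of a URL; tolerates a missing scheme or trailing dot."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for a link claiming the brand."""
    host = host_of(url)
    # Match on the right-hand end of the name: "zoom.us.example.net" is NOT zoom.us.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Brand embedded in a non-official host, after undoing hyphens and digit swaps.
    normalised = host.replace("-", "").translate(DIGIT_SWAPS)
    return "lookalike" if BRAND in normalised else "unrelated"

def suspicious(links):
    """Links that borrow the brand name but are not on an official domain."""
    return [u for u in links if classify(u) == "lookalike"]

# Constructed sample links; explorezoom.com is the decoy domain named in the article.
SAMPLE_LINKS = [
    "https://us02web.zoom.us/j/0000000000",
    "https://explorezoom.com/download",
    "http://zoom.us.example.net/client",
    "https://zoom.us@explorezoom.com/",   # text before '@' is userinfo, not the host
    "https://example.org/meeting-notes",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):10} {link}")
```

A substring match like this errs toward false positives on unrelated names that happen to contain the brand, so it suits a review queue or a warning banner better than a hard block.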
Take some time and scrutinize a domain name before downloading an attachment or clicking a link. On a business level, you can take several approaches, such as:
1. Investing in Appropriate Cyber Security Training for Employees
The best way to protect your business from IcedID and other malware is to educate your employees on identifying and preventing malware attacks. Most data attacks stem from workers’ inability to identify malware attacks, which aids hackers’ schemes.
Train your employees to recognize most malware attack vectors, such as phishing scams, malicious links, and fake websites, to safeguard your business and its data.
2. Installing Anti-Malware, Antivirus, and Anti-Ransomware Tools
The second-best approach to secure your business is to protect yourself from ever-evolving online threats by installing security applications on your devices. Antivirus alone is not enough. You need multiple security tools.
Install anti-malware, antivirus, and anti-ransomware tools together so that each compensates for the others’ weaknesses and you get a superior defense against malware and devastating cyberattacks.
3. Securing Your Network
Network security is integral. You need a firewall to secure and monitor access to your business network. With a great firewall, you can monitor users even at a DNS level and add an extra security layer to block malicious connections on all protocols and ports.
Without a firewall, your network and data may be vulnerable to unauthorized activity and use, which can introduce dangerous malware into your system. Malware like IcedID in your organization’s network can cause disasters such as data loss and downtime.
4. Outsourcing Your Cybersecurity
Keeping up with the ever-changing attack vectors, executing regular updates, utilizing the latest security solutions, and monitoring for malware can be time-consuming and challenging. Implementing a comprehensive cybersecurity program can take a lot of resources and effort.
However, you can’t overlook the task, no matter how daunting implementing security solutions is. Outsourcing some of your cybersecurity needs to a dedicated team of professionals can protect your business’s network and data from harm while saving you all the hassle.
Experts who regularly deal with cybersecurity can help your business learn about the latest attacks, deploy appropriate security solutions, and create awareness in your company against malware.
IcedID is sophisticated and long-lasting software that affects people worldwide. Hackers usually distribute it as a subsequent payload or through spam emails containing malicious Office file attachments. However, the Zoom hackers utilized a phishing site to deliver the malware.
Attackers will continue to grow more sophisticated to evade detection by cybersecurity measures. Your business should avoid downloading pirated software, refrain from opening untrusted links, and educate employees on protecting themselves from cyber threats to avoid malware infection.