146 0 Kommentare Check Point Research and Zoom Collaborate to Fix ‘Vanity URL’ Issue

Check Point and Zoom identified an issue in Zoom’s customizable URL feature which could have potentially been exploited by hackers to manipulate meeting ID links to use for phishing purposes

SAN CARLOS, Calif., July 16, 2020 (GLOBE NEWSWIRE) -- Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd. (NASDAQ: CHKP), recently helped to mitigate risk associated with a potential security issue in Zoom’s customizable ‘Vanity URLs’ feature that could have allowed hackers to send legitimate-looking Zoom business meeting invitations that appear as associated with a particular Zoom user with the aim of inserting malware and surreptitiously stealing data or credentials from that user. Previously, Check Point Research worked with Zoom this past January to fix a different potential vulnerability that could have allowed hackers to join a meeting uninvited.

Zoom usage has exploded during the global Covid-19 lockdowns, from 10 million daily meeting participants in December 2019 to over 300 million in April 2020. Cybercriminals are using this popularity as phishing lure for Zoom and other video communication platform users. According to Check Point, Zoom-related domain registrations and fake Zoom installation programs, in particular, have been the subject of a major increase.

The new potential Vanity URL security issue was found by researchers following up on the prior January collaboration. This potential security issue could have allowed a hacker to attempt to manipulate a Vanity URL (e.g., https://yourcompany.zoom.us) in two ways:

Targeting via direct links: when setting up a meeting, the hacker could change the invitation URL to include a registered sub-domain of their choice. In other words, if the original link was https://zoom.us/j/##########, the attacker could change it to https://<organization’s name>.zoom.us/j/##########. Without particular cybersecurity training on how to recognize the appropriate URL, a user receiving this invitation may not recognize that the invitation was not genuine or issued from an actual or real organization.
Targeting dedicated Zoom web interfaces: some organizations have their own Zoom web interface for conferences. A hacker could target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual or genuine Zoom web interface. As with the direct links attacks, without careful cybersecurity training, a victim of such attacks may not have been able to recognize the malicious URL and have fallen prey to the attack.