In a recent investigation of deep and dark web forums, IntSights researchers came across a cybercriminal who shared a database containing more than 2,300 usernames and passwords to Zoom accounts.

According to an IntSights blog, written by IntSights Chief Information Security Officer Etay Maor, an analysis of the database revealed that aside from personal accounts, there were many corporate accounts belonging to banks, consultancy companies, educational facilities, healthcare providers, and software vendors, amongst others. While some of the accounts “only” included an email and password, others included meeting IDs, names and host keys, he adds.

Forum participants asked how to gain access into Zoom conferences and several posts and threads discussed the different approaches of targeting Zoom’s conferencing services, some of which focused on Zoom checkers and credential stuffing, notes Maor. 

"With much of the global workforce confined to work from home using collaboration and conferencing tools to keep businesses running, threat actors are increasingly looking for ways to take advantage of the situation and target people, processes and technologies," says Maor. "Implementing a cyber threat intelligence strategy which is based on the collection, analysis and dissemination of reliable, timely and actionable intelligence is a core component for any cyber security program that aims to be proactive rather than reactive and defend forward."