Jump to content

Zoho abused by cyber criminals worldwide


sincity

Recommended Posts

One of the world's most popular online software suites has been hijacked to deliver phishing campaigns, new research has found,

Zoho and its online platforms is currently linked to 40 per cent of keylogger and phishing campaigns in the last month, according to analysis from security firm Cofense.

According to the report, four in ten attacks used either zoho.com or zoho.eu free email services to pull data from their victims.

Zoho phishing

There are two ways in which cyber criminals are abusing Zoho’s services – by creating fake free accounts and using them to get emails from their malware; and by using stolen accounts to pull data from unsuspecting victims.

Zoho’s biggest problem, according to the report, is that it lacks strict security features, like two-factor authentication, as well as the fact that it’s very easy and fast to create an email account.

The company is working on a fix now, with the first step looking to examine all accounts, especially free ones since this is where most of the abuse appears to be happening,

"We are now mandating verification using mobile numbers for all accounts, including free ones (which also helps in two-factor authentication for accounts)," said the company’s Chief Strategy Officer Vijay Sundaram. "We are actively looking at suspicious login patterns, and blocking such users, particularly for outgoing SMTP.

The second step is around improving and tightening our policies for all users. There are other heuristic methods and algorithms we are exploring and testing before we deploy at scale that we will not discuss in any detail, for all the right reasons."

 

Via: ZDNet

  • The best antivirus to download in October 2018
P0N22S_c5UY

View the full article

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.