One of the world's most popular online software suites has been hijacked to deliver phishing campaigns, new research has found,
Zoho and its online platforms is currently linked to 40 per cent of keylogger and phishing campaigns in the last month, according to analysis from security firm Cofense.
According to the report, four in ten attacks used either zoho.com or zoho.eu free email services to pull data from their victims.
There are two ways in which cyber criminals are abusing Zoho’s services – by creating fake free accounts and using them to get emails from their malware; and by using stolen accounts to pull data from unsuspecting victims.
Zoho’s biggest problem, according to the report, is that it lacks strict security features, like two-factor authentication, as well as the fact that it’s very easy and fast to create an email account.
The company is working on a fix now, with the first step looking to examine all accounts, especially free ones since this is where most of the abuse appears to be happening,
"We are now mandating verification using mobile numbers for all accounts, including free ones (which also helps in two-factor authentication for accounts)," said the company’s Chief Strategy Officer Vijay Sundaram. "We are actively looking at suspicious login patterns, and blocking such users, particularly for outgoing SMTP.
The second step is around improving and tightening our policies for all users. There are other heuristic methods and algorithms we are exploring and testing before we deploy at scale that we will not discuss in any detail, for all the right reasons."
- The best antivirus to download in October 2018