Hackers use keyloggers to steal the information from 3 million Zoho users

Oct 4, 2018, Elley
Learn more about 360 Total Security

Background
Zoho is a software company based in India that offers a variety of web-based online office tools, including word processing, spreadsheets, presentations, databases, note-taking, wikis, web conferencing, customer relationship management (CRM), project management, invoicing and other applications developed by ZOHO Corporation. On September 25th, Zoho.com suddenly became inaccessible after it was reported as being abused by a keylogger. As a result, zoho.com was blacklisted and removed by TierraNet, a domain name registrar.

To help both large companies and small businesses fight all types of threats with one easy-to-manage and scalable solution, we provide 360 Total Security for Business. Users who are interested in 360 Total Security for Business can visit our official website and get the 30-day free trial as well.

What happened to Zoho.com?
Zoho.com, which offers a variety of online productivity software services, suddenly became unreachable on September 25th because its domain name registrar, TierraNet, received a direct report of a phishing campaign involving Zoho. This is why TierraNet blacklisted Zoho’s site.

Although Zoho seems innocent, according to statistics from Cofense, 40% of keylogger software uses Zoho’s service to transmit stolen information.

Zoho provides a variety of web-based business tools, from e-mail and productivity tools to IoT management platforms and IT management services, and is free for companies with fewer than 3 users. Hence, Zoho has more than 30 million users worldwide.

What put Zoho in the media spotlight is keylogger malware, which records the victim’s passwords or other information and either sends it directly to a server controlled by the hacker or sends it out from the victim’s computer via email. When the information is emailed to the hackers, Zoho’s email service becomes their conduit.

The hackers either create free, fake Zoho email accounts to receive the information collected by the keylogger, or steal the credentials of Zoho email accounts and use them to continue the phishing activity that delivers the keylogger malware.
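On the defender's side, the email path described above shows up as a non-mail program opening SMTP sessions to a webmail provider. The following is an added example, not part of the original article: it scans a connection log for SMTP sessions to the Zoho mail domains named here that come from processes outside an approved list. The log format, host and process names, sample lines and the approved-client list are all assumptions constructed for illustration.

```python
import csv
from collections import defaultdict
from io import StringIO

# Mail domains named in the article; ports are the standard SMTP/submission ports.
WATCHED_DOMAINS = ("zoho.com", "zoho.eu")
SMTP_PORTS = {25, 465, 587}
# Assumption: the only programs expected to speak SMTP on a workstation.
APPROVED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample log: time, host, process, destination, port
SAMPLE_LOG = """\
2018-09-25T09:01:12,ws-014,outlook.exe,smtp.zoho.com,587
2018-09-25T09:03:40,ws-022,invoice_viewer.exe,smtp.zoho.com,587
2018-09-25T09:33:41,ws-022,invoice_viewer.exe,smtp.zoho.com,587
2018-09-25T09:40:02,ws-031,chrome.exe,mail.zoho.com,443
2018-09-25T10:03:39,ws-022,invoice_viewer.exe,smtp.zoho.eu,465
2018-09-25T10:05:00,ws-007,updater.exe,smtp.notzoho.com,587
"""

def is_watched(hostname):
    """True only for a watched domain itself or a real subdomain of it."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def find_suspect_smtp(log_text, approved=APPROVED_MAIL_CLIENTS):
    """Group SMTP connections to watched domains made by unapproved processes."""
    hits = defaultdict(list)
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 5 or not row[4].isdigit():
            continue  # skip malformed lines instead of crashing
        when, host, process, dest, port = row
        if int(port) not in SMTP_PORTS or not is_watched(dest):
            continue  # web traffic and look-alike domains are out of scope
        if process.lower() in approved:
            continue  # expected mail client
        hits[(host, process)].append((when, dest))
    return dict(hits)

if __name__ == "__main__":
    for (host, process), events in find_suspect_smtp(SAMPLE_LOG).items():
        print(f"{host} {process}: {len(events)} SMTP sessions to watched mail domains")
        for when, dest in events:
            print(f"  {when} -> {dest}")
```

A hit is a lead for triage rather than proof of a keylogger; in an organisation that does not use Zoho mail at all, any workstation SMTP session to these domains deserves a look.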

Last month, TierraNet received three reports of phishing scams involving Zoho and directly shut down Zoho’s website through an automatic algorithm. After receiving complaints from Zoho, TierraNet restored the URL after an hour, but the related child domain names were restored only after 24 to 48 hours.

Zoho’s CEO, Sridhar Vembu, pointed out that not only Zoho but also the world’s other major mail services are targeted by phishing activity. Symantec’s survey last year showed that 76% of companies have been victims of phishing attacks. The three complaints received by TierraNet came from victims who had received phishing emails from Zoho. Fortunately, Zoho had already resolved two of them. At the end of the investigation, TierraNet closed the website without notifying Zoho.

Vembu strongly expressed dissatisfaction with TierraNet and immediately changed its domain name registrar from TierraNet to Cloudflare.

Zoho did not participate in the hackers’ phishing or keylogging activities, but another security operator pointed out this week that up to 40% of keylogger programs use zoho.com or zoho.eu e-mail addresses to send the information collected from the victim’s computer. Zoho ranked first in the world; Russia’s Yandex mail service ranked second with 7%.

An analyst at Cofense said that it is not certain why hackers overwhelmingly choose the Zoho platform; perhaps it is simply because Zoho’s security measures are too weak, including not requiring users to use two-factor authentication and not monitoring account activity.

After Cofense’s report was released, Zoho decided to strengthen the security measures for free accounts on its site to raise the threshold for abuse, including performing action verification for new accounts, improving identification of phishing messages that do not come from the site, and blocking free accounts with suspicious login behavior.

Reminder
According to the statistics, nearly half of all enterprises were hacked in the last 12 months. Large companies usually have a well-developed security system to protect their information, but for small companies, protecting information inside the company is an important issue. Fortunately, we also provide 360 Total Security for Business, which can help enterprises defend against all types of threats with one easy-to-manage and scalable solution. Users who are interested in our business version can visit our website via the link:
https://www.360totalsecurity.com/business/?utm_source=blog

We also offer a 30-day free trial to our users; please refer to the free trial link:
https://central.360totalsecurity.com/en/email-trial-signup/?utm_source=blog
