With face-to-face meetings being cancelled due to the outbreak of the COVID-19 pandemic, individuals have turned to video conferencing platforms, such as Zoom, Webex and Google Hangouts, to maintain productivity and keep in touch with colleagues and customers.
Coronavirus and Video Conferencing
As large numbers of employees adapt to working from home, video conferencing has provided an accessible and affordable way to enable the modern workplace. However, the increased reliance on video conferencing technology has also provided the perfect opportunity for cybercriminals to eavesdrop on private conversations, send spoof messages, hijack screen controls and launch an array of malicious attacks.
In a recent survey conducted by Threatpost, 40% of companies have already reported an increase in cyber attacks as they enable remote working.
Zoom Security Concerns
Zoom, a popular video conferencing software, has grown rapidly as a result of the coronavirus crisis. It’s estimated that the company has added 2.22 million active monthly users so far in 2020, compared to the 1.99 million users added in all of 2019.
With daily meeting participants on the platform increasing from 10 million in December to 200 million in March, the widespread and frequent use of the cloud-based video conferencing platform has exposed a wide and constant attack surface for any fraudster wishing to exploit the opportunity.
In recent weeks it has been revealed that Zoom has become a target for hackers due to a serious vulnerability in its desktop conferencing application. In fact, hackers around the world are actively engaged in bug bounty hunting, searching for potential vulnerabilities in Zoom’s technology to be sold to the highest bidder, with individuals selling their exploits from $5,000 to $30,000.
Zoom has come under fire due to its security and privacy flaws. This has led to school districts banning teachers from using Zoom to teach remotely. Hundreds of Zoom accounts have also found their way onto the dark web, including details of email addresses, passwords, meeting IDs, host keys and names.
One of the biggest concerns is the threat that has been dubbed ‘Zoom-bombing’, whereby trolls and hackers gain unauthorised entry into video conferences, causing disruption and carrying out malicious actions.
Hackers used this vulnerability to target a recent UK Government cabinet meeting after the organisers mistakenly left the Zoom address visible in a screenshot that was posted to social media.
Alcoholics Anonymous meetings and many universities have also reported incidents where uninvited trolls have joined virtual meetings and harassed participants with vicious slurs.
In a recent study, researchers found that they could generate links to genuine Zoom meetings without password protection using automated tools to generate random meeting room IDs.
Eric Yuan, Zoom’s CEO and founder, addressed the security concerns, stating that the company’s plan for the next 90 days is to dedicate “the resources needed to better identify, address and fix issues proactively.”
As people and businesses have become increasingly reliant on video conferencing to stay connected, users should be aware of their security risks and how to overcome them.
Top Tips for Secure Video Conferencing
- When you receive a meeting invitation, verify that it’s from a known, trusted sender. Avoid clicking suspicious links which may try to trick you into entering your login details into a spoof phishing website.
- Do not share a link to a teleconference on social media. Only provide the private link directly to specific people who should participate in the meeting.
- Check that whiteboards, documents and other materials which may contain sensitive information are not in view of the camera.
- Ensure you are using the latest version of the video conferencing software, as security vulnerabilities are likely to be exploited in older versions.
- Avoid making meetings public. For extra security, make your meeting settings private and add a meeting password to control the admittance of guests. If the service lets you create a password for the meeting, use password creation best practices.
- Make use of waiting room features in conferencing software. Such features put participants in a separate virtual room before the meeting and allow the host to admit only the people who are supposed to be in the room.
- Manage your screen sharing options. Set the host to manage screen sharing by default; the host can then allow specific participants to share when appropriate.
- Have a video conferencing policy in place. Like other important organisational policies, a video conferencing policy enables you to set clear boundaries and safe behaviours for users.
- Don’t record meetings unless you need to. If you do record a meeting, make sure all participants are informed and the recording is saved in a safe and secure location.
- Educate all employees about the risks of video conferencing and the specific steps they should take to ensure their conferences are secure.
Free Coronavirus Awareness Assets
In this time of uncertainty, MetaCompliance is committed to supporting organisations in mitigating the risk of cyber threats.
To help communicate good cyber hygiene and vigilance, we have created a bank of free digital assets, which you can use to support your communications during this challenging time.