Working from home has become increasingly popular as a result of business uncertainty. Because the majority of meaningful tasks in any organization require collaboration, this remote work approach has naturally resulted in a significant increase in the use of collaboration tools like Zoom Conferencing.
Zoom’s daily usage increased by more than 5 times in March. The platform makes it simple for business users and their clients to join meetings at any time. It’s also popular among educators and students who want to take their classes online. Where the good guys go, the bad guys follow, and the platform’s sudden rise in popularity has attracted cybercriminals looking to hijack meetings and exploit security flaws.
Zoom has admitted to the nature and scope of its security flaws. Eric S. Yuan, the CEO and founder of Zoom, apologized for the misunderstanding surrounding this matter, saying: “We acknowledge that we have fallen short of the community’s – and our own – expectations in terms of privacy and security. I apologize profusely for this.” “Zoom was built primarily for enterprise customers – large institutions with full IT support,” Yuan explained. He went on to say that Zoom would be “immediately enacting a feature freeze” and “shifting all of our engineering resources to focus on our biggest trust, safety, and privacy issues.”
Security challenges with Zoom Video Conferencing include:
- Data Leakage – When a user shares a link through the Zoom Windows client’s group chat feature, anyone who clicks on it can expose their Windows network credentials. This happens because the Zoom client converts Windows networking Universal Naming Convention (UNC) paths into clickable links. When a user clicks such a link, Windows attempts to connect to the host named in the path and shares the user’s login credentials with it, resulting in unexpected and unwanted logins to the enterprise cloud architecture. As a result, it’s even more important to have strong password policies in place and to keep track of every instance of UNC path sharing.
- Privacy shortcomings – Zoom has been accused of inadvertently disclosing user information to third parties such as Facebook. Although this privacy gap appears to have been closed, it has been reported that the iOS version of Zoom’s app sends analytics to Facebook even for users who do not have a Facebook account.
- Zoombombing – the hijacking of video meetings by uninvited parties in order to disrupt the proceedings. Hijackers have ranged from school children posting hateful comments or threats to adults sharing racist content or even pornography. IT security administrators must implement stringent policies to prevent such attacks.
Security best practices for Zoom Conferencing include:
- Password-protect all your meetings, otherwise anyone will be able to join.
- Use the waiting room feature – this allows the meeting host to validate each participant before letting them join the meeting.
- Enforce login policies – use single sign-on (SSO) technologies such as Google or Okta to allow Zoom access.
- Update the Zoom client – install available updates immediately. Cyber criminals are actively attacking and Zoom is responding quickly – the latest update features password protection for all meetings by default.
- Do not share your meeting ID, as anyone will be able to join. The UK Prime Minister Boris Johnson highlighted this risk by showing the ID of his cabinet meeting to the entire world via his Twitter account – warn your employees to never copy this idea. Do not post public links to your meeting either.
- Disable the “Join before host” function to ensure the participants aren’t surprised by malicious actors.
- Disable participant screen sharing to minimize the risk of meeting hijacking.
- Lock a meeting when everyone has joined.
- Keep track of relevant metrics related to your guests, such as which hosts create meetings most often and for how many guests, recent activity by guests, which meeting IDs are consistently being used by guests, who outside of your organization joins meetings most often, foreign participants and where they join from, etc.
- Keep track of your user activity, especially if they make changes to their user profiles, consistently use personal meeting rooms, or display anomalous behavior.
- Ensure you know which accounts have been inactive over the past month.
- Monitor Windows UNC path sharing.
- Monitor anomalous admin activities as well as new and deleted users.
- Do not use Personal Meeting IDs.
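The UNC path leak described under Data Leakage and the "Monitor Windows UNC path sharing" practice above are the kind of thing a scheduled scan over exported chat transcripts can catch. The script below is an added example written for this article, not Zoom's code or a Zoom API: it assumes a constructed tab-separated export format (timestamp, sender, message), extracts every UNC path from each message, and rates paths whose host is not on a trusted list as high severity, since those are the ones that would send credentials outside the organization.

```python
import re
from dataclasses import dataclass

# Hypothetical detector (not Zoom's code). Matches \\host\share[\rest], where host is a
# hostname or IPv4 address. A plain drive path such as C:\dir\file.txt has only one
# backslash and is deliberately not matched.
UNC_RE = re.compile(r'(?<![\w\\])\\\\([A-Za-z0-9][A-Za-z0-9._-]*)\\([^\\\s"<>|]+)((?:\\[^\s"<>|]*)?)')


@dataclass
class UncFinding:
    timestamp: str
    sender: str
    host: str
    share: str
    path: str
    severity: str  # "high" when the host is outside the trusted list, "info" otherwise


def host_is_trusted(host: str, trusted: tuple[str, ...]) -> bool:
    """True if host exactly matches an entry or ends with an entry used as a domain suffix."""
    h = host.lower()
    return any(h == t.lower() or h.endswith("." + t.lower().lstrip(".")) for t in trusted)


def scan_chat(lines: list[str], trusted: tuple[str, ...] = ()) -> list[UncFinding]:
    """Scan 'timestamp<TAB>sender<TAB>message' lines (assumed export format) for UNC paths."""
    findings: list[UncFinding] = []
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:
            continue  # malformed line: skip it rather than abort a scheduled scan
        ts, sender, message = parts
        for m in UNC_RE.finditer(message):
            host, share, rest = m.group(1), m.group(2), m.group(3)
            severity = "info" if host_is_trusted(host, trusted) else "high"
            findings.append(UncFinding(ts, sender, host, share, f"\\\\{host}\\{share}{rest}", severity))
    return findings


# Constructed sample export (not real chat data); 203.0.113.7 is a documentation-only address.
SAMPLE_CHAT = [
    "10:01:12\tAlice\tslides are on \\\\fileserver\\projects\\q2.pptx",
    "10:02:30\tBob\tthanks, also see \\\\fs01.corp.example\\share",
    "10:03:45\tGuest\tcheck this out \\\\203.0.113.7\\docs\\offer.docx",
    "10:04:00\tCarol\tC:\\local\\file.txt is not a UNC path",
    "garbage line without tab separators",
]

if __name__ == "__main__":
    for f in scan_chat(SAMPLE_CHAT, trusted=("fileserver", "corp.example")):
        print(f"[{f.severity}] {f.timestamp} {f.sender}: {f.path}")
```

High-severity hits are worth correlating with outbound SMB connection attempts from the sender's workstation, and blocking outbound SMB at the perimeter limits what a clicked link can leak in the first place.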
Stay safe, be well. Learn more about how CYB3R-X protects organizations against work-from-home cybersecurity risks.