Addressing Zoom Meeting Vulnerabilities

Remote work is hard enough.

We’re already stressed about being stuck at home, worrying about the COVID-19 virus, and trying to make sure our pajamas don’t show up on the webcam during a conference call.

Now, hackers are making it even harder by increasing their attacks on remote workers.

Zoom Bombing

Many conference calls and classrooms use Zoom’s online video conference platform.

Unfortunately, some calls suffer from “Zoom Bombing” when malicious actors hijack sessions.

The FBI recommends that users take the following measures to prevent Zoom Bombing:

  • Do not share Zoom conference links on Social Media
  • Manage screen-sharing options to “Host Only”
  • Do not make meetings or classrooms public
  • Ensure users update their local Zoom software

Security companies have added additional recommendations:

  • Use the control panel to enable H.323 and SIP encryption for audio
  • Use the password option on all Zoom meetings
  • Make sure the conferences are being hosted on legitimate Zoom websites

Zoom Phishing

The last recommendation above is required due to the increase in attackers trying to take advantage of Zoom’s popularity.

Both legitimate and malicious actors have registered over 1,700 new Zoom domains since the beginning of 2020.  While only 4% contain suspicious characteristics so far, users still must watch out for copycat domains.

And, Zoom is not the only target.

The phishing websites “googloclassroom” and “googieclassroom” target students and teachers trying to reach classroom.google.com.

All users must step up their vigilance by double-checking URLs. IT managers may also want to consider a cloud-based DNS security service as a safety net.
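The URL double-check described above can be partly automated. The following is an added example, not code from the original article: it compares a link's host against an allowlist and flags near-miss spellings such as the two classroom domains quoted earlier. The `TRUSTED` and `BRANDS` lists and the typo threshold are assumptions to adapt to your own environment.

```python
from urllib.parse import urlsplit

# Assumption: the hosts this organisation treats as legitimate.
TRUSTED = ("zoom.us", "classroom.google.com")
# Assumption: brand strings to watch for, with separators removed.
BRANDS = ("zoom", "googleclassroom")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Extract the lower-cased host, accepting bare hosts as well as URLs."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url: str) -> str:
    """Return 'trusted', 'review' (possible copycat) or 'unknown'."""
    host = host_of(url)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # A trusted name embedded in someone else's domain.
    if any(t in host for t in TRUSTED):
        return "review"
    for label in host.split(".")[:-1]:  # skip the TLD label
        squashed = label.replace("-", "")
        for brand in BRANDS:
            # Longer brands tolerate more typos; short ones need a substring hit.
            if brand in squashed or edit_distance(squashed, brand) <= len(brand) // 5:
                return "review"
    return "unknown"

# Constructed samples; the two classroom names are the ones quoted above.
SAMPLES = ["https://zoom.us/j/123", "googloclassroom.com", "googieclassroom.com",
           "http://zoom.us.join-now.example/", "zoom-download.example", "example.org"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):8} {s}")
```

A `review` result means the name resembles a trusted brand and needs a human look; as the registration figures above show, many such domains are legitimate.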

Of course, bad domains are not the only issue.

Researchers detected versions of the malicious “InstallCore,” a malware installer, masquerading as a legitimate video conferencing software installer by using ‘zoom’ or ‘microsoft-teams’ within the file name.

A phishing attack using these files tricks the user into loading a host of malicious files that render the endpoint vulnerable to future attacks.

More Zoom Issues

Not all Zoom problems stem from attackers.

Many users fail to take basic steps to protect their meetings.

Hackers using the zWarDial software to guess meeting IDs found 2,400 upcoming or recurring Zoom meetings in one day. Their exploration pulled up information such as the date, time, name and basic agenda for the meetings.

Only sessions protected by a password could not be detected by the zWarDial tool.

Meanwhile, it seems that major banks, government contractors, consulting firms and many others continue to host meetings open to public interference.

Zoom claims that passwords have been enabled by default since last year, but many users and admins opt out. It’s also possible that some users continue to use out-of-date Zoom software without the default password setting, which leaves the software exposed to several critical legacy vulnerabilities.

With the number of users growing from 10 million in December to 200 million in March, Zoom can expect to suffer some growing pains. However, their privacy and encryption issues predate their surge in popularity.

Concerned researchers found several significant issues:

While some of these vulnerabilities have been patched, it is up to our security teams to 1) ensure our endpoint users are using fully patched software and 2) decide whether our conference call is safe to be hosted, unencrypted, on servers in China.

For those who think the issue is limited strictly to Zoom, keep in mind that the company white-labeled their technology to Accession Meeting, AT&T Video Meetings, BizConf, BT Cloud Phone Meetings, EarthLink Meeting Room, Huihui, Office Suite HD Meeting, RingCentral, Telus Meetings, UMeeting, Video Conferencia Telmex, Zoom CN, and Zhumu.

For those looking for alternatives to Zoom, we recommend exploring TechRadar’s article on the top audio and video conferencing platforms.

Zoom remains #3 on their list for ease of use, but there are many other recommendations to explore.

Routers Under Attack

Even if we secure our conferencing platform, attackers will seek any weakness in the communication chain.

Researchers detected a cybercriminal group scanning the internet for vulnerable Linksys routers.

Using a brute-force attack, the group compromises systems using weak or default credentials. Next, the group hijacks the DNS functions and redirects users to the cybercriminal’s website to download information-stealing software.

Despite concentrating on the Linksys routers at this time, this exploit should be a reminder for our security teams to double-check our own routers.

More importantly, we may need to prepare instructions for remote workers to check their home routers.

While usually beyond the scope for the corporate IT department, many organizations cannot afford to have their security undermined by porous home-user security.

Patching Problems

Many IT departments struggle to keep up with patching, but 48% manage to update on-premises desktops and laptops in the first three days.

However, that number declines to 42% for remote desktops and laptops – and many workers have started working remotely.

Some users use alternative machines and leave corporate laptops turned off for extended periods of time. Naturally, the automated application of patching can’t happen on a machine that is turned off.

At the other extreme, some users never turn off their machines and cause the IT department to issue warnings or even remotely force a reboot to install critical patches.

Of course, this applies only to organizations with the ability to patch remotely. For IT departments without automated patching software, tracking patches and machines for remote workers becomes more complicated and difficult to execute.

Ninety-two percent of IT professionals worry about the security of company-owned devices being used in home networks. Their worries intensify when the employees use personal devices to connect to the company networks from home.

Let Blue Bastion and Ideal Integrations shoulder some of the burden for your IT team.

Our managed IT services and managed security services can supplement an organization’s internal resources so they can catch up with the surge of issues created by the sudden shift to remote workers.
