In the current Coronavirus pandemic, you’ll probably have heard the app name Zoom mentioned. It’s enabling many of us in London and elsewhere to stay connected to colleagues while having to stay at home and work remotely. Zoom’s a Cloud-based communication platform that can be used for video conferencing, online meetings, chat, mobile collaboration and so on. Trouble is, if there’s one truth in the IT security world, it’s that the cybercriminal vultures are never far behind the curve, looking for any opportunity to deceive, lure and exploit people. And sure enough, attackers are attempting to take advantage of the app’s increasing user base amongst small to medium-sized businesses, so here’s how to stay safe using Zoom while remote working.
Awareness is key when you want to know how to stay safe using Zoom while remote working
Since the Covid-19 pandemic broke, the platform has added well over 2 million new users, whereas less than that number were added during the whole of 2019! In total, Zoom now has over 12.9 million monthly active users worldwide, with hundreds of new Zoom domains registered since the start of 2020.
Now, there’s nothing surprising about any of these figures in the current unprecedented, Covid-19-driven times. But while a huge increase in Coronavirus-themed malicious campaigns has already been called out recently, researchers have reported a surge in suspicious Zoom domains as cyber scammers target this collaboration tool and the people who use it.
So, if you and your team are benefitting from the app you will, quite rightly, want to know how to stay safe using Zoom while remote working. In which case, you should keep reading.
Knowledge is power when it comes to Zoom and your cybersecurity
In this blog post we’re going to take a closer look at the cybersecurity threats that have arisen in the Zoom user space, so you and your team can keep your IT infrastructure, data, IP and financial and confidential information safe and secure while remote working and using the app. Below you’ll discover:
- Zoom hacking – how big’s the potential problem?
- Some of the dangers that can lurk in the Zoom user space
- What on earth is ‘zoombombing’?
- How Zoom has dealt with privacy and security concerns
- Why Zoom is still a sound collaborative platform choice
- Zoom safely and securely
Zoom hacking – how big’s the potential problem?
Researchers estimate that since the beginning of 2020, more than 1700 new Zoom domains have been registered (25% of these in just one week alone!) and of those 4% have been found to contain suspicious characteristics and could be used to launch cyberattacks for malicious purposes. That’s over 70 fake sites out there impersonating genuine Zoom domains with the intention of capturing and stealing personal information.
Cybercriminals believe the Zoom customer base offers potentially rich pickings because it’s used by more than just the small to medium-sized business community here in London. Indeed, 60% of the Fortune 500 use it and it’s been downloaded more than 50 million times from the Google Play app store.
Some of the dangers that can lurk in the Zoom user space
Cybersecurity experts have discovered a number of malicious files containing the word ‘Zoom,’ such as ‘zoom-us-zoom_##########.exe,’ where # represents various digits.
Executing such files can run InstallCore on the user’s computer, which could allow cybercriminals to load malware, unwanted third-party applications or malicious payloads, depending on the attackers’ end goals.
It’s important to note that ‘InstallCore’ is marked as a potentially unwanted application (PUA) or potentially unwanted program (PUP) by various security solutions providers. Why? Because it will, on occasion, disable User Account Control (UAC), add files that will launch on startup, install browser extensions and generally interfere with a browser’s configuration and settings.
Zoom is not the only collaborative platform feeling the pressure from cybercriminals. A file related to the popular Microsoft Teams platform (“microsoft-teams_V#mu#D_##########.exe”) has also been found.
New phishing websites have also been spotted for every leading communication application, including the official classroom.google.com website, which was impersonated by googloclassroom.com and googieclassroom.com, the researchers found.
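The indicators described above (the installer file names and the look-alike classroom domains) can be turned into a log triage check. This is an added example, not code from the researchers or from Zoom: it flags hosts whose registrable name contains a brand token or sits one edit away from it, and downloads whose names match the quoted shapes. The brand allowlist, the function names and the sample events are assumptions.

```python
import re

# Assumption: illustrative allowlist of official registrable domains per brand token.
BRANDS = {"zoom": {"zoom.us", "zoom.com"}, "googleclassroom": {"google.com"}}

# Filename shapes quoted in the article; each '#' there stands for one digit.
INSTALLER_RE = re.compile(r"(zoom-us-zoom|microsoft-teams_V\dmu\dD)_\d{10}\.exe", re.I)

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    labels = host.lower().rstrip(".").split(".")
    registrable = ".".join(labels[-2:])  # naive: ignores multi-part public suffixes
    if any(registrable in official for official in BRANDS.values()):
        return "official"
    name = labels[-2 if len(labels) > 1 else 0].replace("-", "")
    for token in BRANDS:
        # Short tokens ("zoom") match by containment only; one-edit fuzziness is kept for long tokens.
        if token in name or (len(token) >= 8 and edit_distance(name, token) <= 1):
            return "lookalike"
    return "unrelated"

def triage(events):  # events: (host, downloaded filename or None) pairs
    flagged = []
    for host, fname in events:
        reasons = []
        if classify_host(host) == "lookalike":
            reasons.append("lookalike-domain")
        if fname and INSTALLER_RE.fullmatch(fname):
            reasons.append("installer-name")
        if reasons:
            flagged.append((host, reasons))
    return flagged

# Constructed sample events; the two *classroom.com hosts are those named in the article.
SAMPLE = [
    ("zoom.us", None), ("classroom.google.com", None),
    ("googloclassroom.com", None), ("googieclassroom.com", None),
    ("zoom-meeting-download.example", "zoom-us-zoom_0123456789.exe"),
    ("intranet.example", "report.pdf"),
]
print(triage(SAMPLE))
```

A hit is a prompt for review, not a verdict: containment matching on a short token such as "zoom" will also catch unrelated legitimate names.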
Other researchers have seen Zoom users infected with the Neshta file. Neshta is malicious software that infects executable (.exe) system files and uses them to collect system information such as installed apps and SMTP e-mail accounts. It might also be used to target removable storage devices and networks. Neshta sends the information to a web server controlled by cyber criminals.
The takeaway from all of the above is that malicious actors (i.e. cybercriminals) usually hide among legitimate websites and lure users by impersonating the original website or a related service, and then obtain the user’s credentials, personal information or payment details.
What on earth is ‘zoombombing’?
Some of Zoom’s features can be breached by cybercriminals.
For example, a feature that enables meeting hosts to monitor the activities of attendees, alerting them if somebody navigates away from the video window, and other features that let administrators check in on their colleagues and access and view meetings that they were not present at, have proven vulnerable.
If the Zoom reference number is shared on social media and the host fails to set screen-sharing to ‘host only’, this can allow uninvited guests to screen-share pornography or other disturbing imagery – an activity known as zoombombing.
Another important security step a Zoom meeting’s host should undertake is to disable ‘file transfer,’ which will prevent any malware being shared.
How Zoom has dealt with privacy and security concerns
In recent times, Zoom’s developers have had to patch and fix a number of security vulnerabilities.
The fixes include:
- a flaw that could allow threat actors to potentially identify and join active and unprotected Zoom meetings;
- removing the Facebook SDK (Software Development Kit) from the Zoom iOS application after it was reported that it collected and sent device information to Facebook’s servers;
- a flaw that allowed hackers to remotely execute code on Macs where the application was uninstalled, via a maliciously crafted launch URL;
- a flaw which could allow remote attackers to force Windows, Linux and Mac OS users to join video calls with their video cameras forcibly activated.
All in all, Zoom has now made the app more secure. Their developers have achieved this by adding passwords by default to all future scheduled meetings; making password settings enforceable at the account level and group level by account administrators; removing a feature that automatically indicates if a meeting ID is valid or invalid; and adding a feature to block repeated attempts to scan for meeting IDs.
Why Zoom is still a sound collaborative platform choice
Despite the concerns highlighted above, Zoom remains highly popular and is still reckoned to be one of the best collaborative platform options available in terms of ease of use, stability and video and audio quality.
So, like any technology, using Zoom can be great. However, you cannot allow your privacy and IT to be compromised, even for the benefits mentioned. Thus it’s crucial that you and your team are ultra-alert to the online threats while using this and other apps during the current Covid-19 crisis.
When you consider that 90% of cyber attacks start with a phishing campaign, the best actions you and your team can take are to adhere to basic security hygiene at all times. This includes:
- Being suspicious, cautious and extra vigilant about unexpected, unrecognised and unsolicited e-mails, messages, texts and social media posts, especially those including any mention of Zoom
- Being similarly skeptical about all e-mails and files from unknown senders, emphasising the need for every member of your team to stop, think and check before clicking on or opening anything they do not recognise – whether it mentions Zoom or not – especially when working remotely.
- Keeping an eye out for spelling errors in URLs and spelling errors, poor grammar or poor English in e-mails – these are usually a dead giveaway of a scamming communication.
- Only ever downloading software via direct download links and trustworthy, official sources.
- Updating and patching your installed Zoom software and operating systems using tools designed by the app’s official developers.
- Never using ‘Shadow IT’ or third party activation (‘cracking’) tools from unofficial sources which can infect computers with malware.
- Having reputable antivirus and anti-spyware software installed across all your teams’ computers and devices, and then regularly scanning those devices.
Moreover, whether in relation to using Zoom specifically or your cybersecurity in general, it pays dividends to train and educate your team so that they are an effective first line of defence for your business, IT infrastructure, data, IP and confidential information, rather than the weakest link in your security chain (which they often are, through no fault of their own).
Meetings via Zoom – safely and securely
Our commitment and focus is to keep your business, people and resources safe and secure, today and tomorrow.
We’ve built an enviable reputation for being one of London’s leading managed IT services and cybersecurity teams, earning Five Star customer service ratings from TrustPilot, Feefo and Google as well as a 98% client retention rate.
So if you’d like to know more about the best ways to protect your remote team when collaborating via Zoom, why not have a confidential, no-obligation chat about your requirements with the go-to IT support team for London – totality services?