A hacker, regardless of what they’re specifically attacking, has the goal of interrupting business or perhaps school, stealing information, and corrupting information. Sometimes, the goal is all of these. With the coronavirus pandemic, cybersecurity has become even more relevant in most of our lives than it ever was before. We’re working and learning from home, and that means that we’re relying on technology like Zoom.
We’ve seen Zoom may not be safe from different types of attacks from network vulnerabilities, and it’s leaving many businesses and organizations wondering what they should know. Here’s what we know as of now, in terms of Zoom’s safety and cybersecurity risks.
What is Zoombombing?
In the spring, when the world moved online, we started seeing Zoom hackings. A term—Zoombombing—was coined. On March 30, there was a situation where hackers crashed a cyber attack-related Zoom meeting. The presenter was covering coronavirus disinformation posted online, and the so-called Zoom bomber started scribbling on the screen, so the meeting had to end early.
Zoom hackings have since interrupted everything from online 12-step meetings to government meetings. Some Zoombombings have been malicious than others, and have included disruptions with things like pornography and hate speech.
Other Zoom Security Events
There have been some specific events related to Zoom over the past few months that have gotten national and international attention.
In May, New York Attorney General Letitia James closed their inquiry into Zoom’s security practices. Zoom had to agree with the AG’s office to implement new security features in order to be used by the New York City Department of Education. In May, Zoom also bought a security company and said they did so in hopes they’d be able to deliver end-to-end encryption.
Hackers are also selling Zoom accounts. For example, research found that hackers sold hundreds of thousands of accounts for less than a cent each. To get the accounts, hackers use something called credential stuffing.
With credential stuffing, hackers use leaked information from previous data breaches to get into accounts. Then, with this information, the hackers can do the Zoombombings. Earlier in April, Zoom was facing some of its toughest criticism regarding security. For example, former engineers at Dropbox, which is a partner of Zoom, said both companies were aware of security flaws that allowed attackers to control the Mac computers of some users for several months before there was resolution.
What Can You Do?
So what can you do if you’re using Zoom for work or anything else?
First, you need to be aware of signs that your meeting has been hacked. Of course, the primary sign is a participant you don’t know, but you might also see unprompted screen shares or disruptive noises during a hacked meeting. There are other tactics Zoom hackers can try too, such as activating disabled cameras or screen recording meetings that are taking place.
One thing you can do to keep yourself and your meetings safe is using waiting rooms. When you set up a Waiting Room before your Zoom meeting, it helps you make sure that only the invited guests are joining your session. You can enable the feature in your Zoom settings menu. You should also adjust your settings for screen sharing. Let only the host share their screen.
Don’t share information for Zoom sessions on social media or post links on social networking sites, because then if people get the meeting link, they can join. You should log into Zoom using your web browser if you can because Kaspersky says it’s safer than the Zoom app.
You can also lock controls so that users on the Zoom call can’t change their name. If you have information that’s considered sensitive in your home that hackers might use to steal your identity, use a virtual background from Zoom during meetings. Protect every meeting with a password if you can.
Of course, you can also strengthen your account access with tried and true methods like using a unique and strong password and implementing two-factor authentication. Zoom can be safe, but it requires work on the part of users to make it safer because, during the coronavirus situation, its vulnerabilities have been front and center.
If your child is using Zoom for school and you have any security concerns, speak with school administrators because they need to be aware of possible problems. If you’re using Zoom personally or for work, make sure you have stringent safety settings turned on for your account.
Photo credits: eOffice