The post Zoom’s Video-teleconferencing Platform Still at Risk: FBI Warns appeared first on CISO MAG | Cyber Security Magazine.
]]>In its latest security advisory, the FBI has alerted members and organizations about rising criminal acts of hackers on Zoom video conferences. The attackers, tracked as Zoombombers, are allegedly breaking into online classes and business meetings to disrupt or just to play pranks. “The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language. As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called Zoombombing) are emerging nationwide,” the FBI said.
What is Zoombombing
In a Zoombombing attack, unauthorized guests (Zoombombers) connect to a Zoom meeting room and disrupt the meeting by doing non-contextual things like hurling insults, playing pornographic content, or making threats to other participants. A Zoombombing incident takes place when participants knowingly or unknowingly share a Zoom meeting ID (and sometimes its password) on social media or discussion forums like Reddit and Quora threads.
Zoombombing Incidents
The FBI stated that several Massachusetts schools, including other businesses, have reported incidents of Zoombombing attacks. “In late March 2020, a Massachusetts-based high school reported that, while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual dialed into the classroom. This individual yelled profanity and then shouted at the teacher’s home address in the middle of an instruction. A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos,” the FBI added.
Rise in Video Conference Services
With organizations and educational institutions globally continuing their operations remotely, cybercriminals are taking advantage of this situation by targeting video conference and calling platforms like Zoom.
Related story: DDoS Attacks on E-Learning Platforms Increase by 550%.
Do Your Due Diligence
The FBI also recommended certain security measures to mitigate teleconference hijacking threats. These include:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screen sharing options. In Zoom, change screen sharing to Host Only.
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
The FBI has asked the victims of teleconference hijacking attacks to contact its Internet Crime Complaint Center at ic3.gov.
The post Zoom’s Video-teleconferencing Platform Still at Risk: FBI Warns appeared first on CISO MAG | Cyber Security Magazine.
]]>The post No More “Zoombombers” on Zoom Calls; Zoom Upgrades its Cybersecurity Feature appeared first on CISO MAG | Cyber Security Magazine.
]]>Video conferencing app maker, Zoom, has launched a new feature in its latest update that will help the conference hosts to block uninvited guests known as “Zoombombers,” from entering the calls. Zoom calls this new feature, “At Risk Meeting Notifier.”
What is “Zoombombing”
Zoombombing attack is an instance where uninvited guests connect to a Zoom meeting room and disrupt the meeting by doing non-contextual things like hurling insults, playing pornographic content, or making threats to other participants. Typically, a Zoombombing incident takes place when participants knowingly or unknowingly shares a Zoom meeting ID (and sometimes its password) on social media, or discussion forums like Reddit and Quora threads.
How “At Risk Meeting Notifier” Will Help
The “At Risk Meeting Notifier” feature will constantly run on Zoom’s backend servers. It is a fully automated process with no manual intervention required. This feature constantly scans and compares the Zoom’s Meeting ID of the conference call against the posts published across social media platforms and certain open web resources like Reddit and Quora.
Upon finding a match, Zoom automatically sends an alert to the meeting host informing them of the match via email. The hosts can then take remedial measures of blocking that Zoombomber by changing the password or scheduling a new meeting to avoid a possible hijack of the meeting.
Related Podcast:
Episode #3: How Zoom is Enhancing Security and Evolving its Product
How to Stop a Zoombomber if he is Already in the Meeting
There is a possibility that participants may leak the meeting credentials to a Zoombomber purposely to cause chaos. So, to stop a Zoombomber who has already entered a meeting, Zoom has introduced a “Suspend Participant Activities” option under the security icon. When the host clicks on this option, all video, audio, in-meeting chat, annotations, screen sharing, and recording is suspended, and all breakout rooms are ended. This should shut down the Zoombomber’s activity immediately. From there, Zoom will ask the host if they want to report a user, and if they do, that user will be removed from the meeting and Zoom’s security team will be notified.
Things to do If You Receive Mail from the “At Risk Meeting Notifier”
Zoom strongly recommends the following actions if admins receive a notification email from Zoom’s new cybersecurity feature:
- Firstly, report the public post where the Meeting ID has been published. Ask the site admins to remove the link from their website/platform.
- Delete the existing meeting and schedule a new one instead with a new Meeting ID and additional authentication of a Password/Passcode. This makes the meeting private.
- Send the new Meeting ID exclusively to only the participants you trust.
- Enable the following security settings for your meeting/conference call:
- Meeting password/passcode
- Waiting room
- Meeting registration
Additionally, Zoom recommends that if canceling and rescheduling the public meeting is not possible then convert the meeting to a webinar as this gives the host control over who participates with video, audio, chat, and screen sharing.
Related News:
The post No More “Zoombombers” on Zoom Calls; Zoom Upgrades its Cybersecurity Feature appeared first on CISO MAG | Cyber Security Magazine.
]]>The post 3 Best VPN Services for Zoom in 2020 appeared first on CISO MAG | Cyber Security Magazine.
]]>By Joshua Blackborne
But with the advent of Zoom come other sorts of problems. Starting from an alleged hack of half a million accounts to Zoombombing, organizations and people need to take the best security measures at all times.
One way to go about it is to turn to VPN to ensure their zoom meetings are secure and private. This is what you need to know about VPNs for businesses and how to choose the most suitable VPN service for your needs.
VPNs for Business
VPN refers to Virtual Private Network, a private network that hides the company’s activities, reduces the chance of cyberattacks, and enables communication with international clients by bypassing geo-restrictions.
Most businesses that use this valuable digital tool have remote employees or need to work online to some extent. That could mean holding the occasional Zoom meeting, giving employees remote access to the company’s digital platform, or working while traveling.
Remote work poses security threats, especially for employees who use public Wi-Fi or connect to the company’s systems without previously having their home devices secured. VPNs can aid with most of these issues.
Why You Need a VPN for Zoom
For most organizations, Zoom has become an essential business tool. As mentioned, the rise in popularity of the Zoom platform is connected to its user-friendly experience but also the worldwide pandemic that accounted for over 300 million users of the platform daily.
However, the popularity of the platform does not equate to the cybersecurity of the system. Zoom is notorious for its cyber vulnerabilities, lack of end-to-end encryption, and privacy concerns.
For companies that need to keep in contact with their international clients, VPNs for business can surpass geo-restrictions, i.e. unblock Zoom in countries that have banned it. What’s more, VPNs significantly increase loading and connection speed.
Top 3 Business VPNs for Zoom
Nowadays, many VPN services offer to protect your business and set up basic security systems. Which is the best VPN for your business needs depends on the size of the business, systems in use, and other company requirements.
The top three chosen VPNs are household names in the world of cybersecurity, work with Zoom, and set the standard for any emerging VPN service.
1. CyberGhost
CyberGhost is ideal for businesses that employ remote workers such as freelancers who travel and need to use unsafe public Wi-Fi. They can be downloaded on any device and their services are available in the app stores as well.
It’s one of the most popular VPNs because of its user-friendly interface and blazing fast speeds. CyberGhost is also simple to install taking just a few minutes.
This VPN protects you from common Zoom vulnerabilities by encrypting your data and sending it through a safe and private tunnel that hackers can’t easily target.
2. NordVPN
NordVPN is another excellent choice for businesses that currently have multiple home-based employees. It is compatible with multiple devices and it offers great speed along with thousands of servers worldwide, making sure nothing interrupts the flow of the Zoom meeting.
What makes this VPN one of the leaders in the industry are multiple options when it comes to subscriptions and services. They launched a novel service for businesses NordVPN Teams that features many advanced options for managing your business.
This VPN also takes care of cybersecurity concerns that many Zoom users have. Namely, it protects your personal data using up-to-the-minute encryption. Furthermore, Nord has a strict no-log policy that ensures your data is safe from hackers.
3. Surfshark
Similar to NordVPN and ExpressVPN, Surfshark is big on cybersecurity and offers a VPN service that maximizes your speed, privacy, and more.
Surfshark is an ideal choice for businesses that need to connect multiple devices as it offers unlimited simultaneous connections.
To make sure your Zoom meetings are private and hidden from hacking activities, Surfshark uses 256-bit encryption, creates double VPN private networks, and no-log policy to protect your private information.
It is the most expensive out of the three but with additional features such as a built-in ad-block, Surfshark is a VPN for a business that saves a lot of time and money that you would otherwise spend on cybersecurity tools.
Conclusion
Businesses that use Zoom need additional cybersecurity measures to protect themselves from data leakage and cyberattacks.
There is a lot to consider when choosing the right VPN for your business. However, top VPN service providers cover most of the security concerns of any business and they’ve become a requirement since more workplaces operate remotely.
Is your business protected?
PAID FEATURE
Disclaimer
CISO MAG did not evaluate the advertised/mentioned product, service, or company, nor does it endorse any of the claims made by the advertisement/writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
The post 3 Best VPN Services for Zoom in 2020 appeared first on CISO MAG | Cyber Security Magazine.
]]>The post Episode #3: How Zoom is Enhancing Security and Evolving its Product appeared first on CISO MAG | Cyber Security Magazine.
]]>While those in the corporate world were familiar with the use of Zoom, new users faced “video shock” and were not familiar with concepts like waiting rooms, virtual backgrounds, gallery/speaker views, meeting links, meeting IDs, and passcodes. But today it’s a different story, and we all are more confident in using this tool.
However, Zoom faced a setback earlier this year when its security was compromised leading to “Zoom bombing” attacks.
Thankfully, Zoom worked hard on its 90-day plan to fix those security issues and set up a CISO Council and Advisory Board. It now collaborates with CISOs, governments, and security agencies and experts across the industry to ensure that it is implementing security and privacy best practices. Zoom has also recruited hard-core security experts like Alex Stamos, who joined as an external advisor.
Listening time: 31 mins. 34 sec.
In this episode, Magnus Falk, Zoom’s CIO Advisor – EMEA region updates Brian Pereira, Principal Editor, CISO MAG about Zoom’s new security features like end-to-end encryption. He also talks about the accelerated growth and popularity of Zoom, and how the video platform is evolving.
With over 30 years in the industry, Falk brings a wealth of experience to the table and is an esteemed digital and technology leader.
His diverse experience includes a 16-year stint at Credit Suisse where one of his roles was CIO in EMEA, seven years in Accenture as well as holding the position of Deputy Chief Technology Officer for HM Government.
He has a Bachelor’s Degree in Mining Engineering from Imperial College London and was also a Captain in the British Army for nearly four years.
Listen to our previous podcast episodes here.
The post Episode #3: How Zoom is Enhancing Security and Evolving its Product appeared first on CISO MAG | Cyber Security Magazine.
]]>The post Zoom Beefs Up Security with Two-Factor Authentication appeared first on CISO MAG | Cyber Security Magazine.
]]>How Does 2FA Help Zoom
Zoom’s 2FA adoption primarily provides the app an added layer of security and helps prevent potential security breaches. Other benefits include:
- Improved security: It reduces the risk of identity theft and security breaches by preventing bad actors from accessing accounts by guessing passwords, or credential stuffing or gaining access to employees’ or students’ devices to get into the main network.
- Reduced costs: SSO or other forms of login and authentication can punch a hole in the pocket for smaller organizations. However, Zoom’s 2FA provides a free and effective way to validate users’ authenticity.
- Enhanced compliance: 2FA implementation helps organizations fulfill compliance and regulatory needs for sensitive data and customer information.
- Easier credential management: Password management can be a task especially in this digital normal where you have online accounts for even ordering your daily veggies and groceries. Thus, a 2FA provides an additional level of security without the hassles of constant password management.
Enabling Zoom’s 2FA for Your Organization
As per Zooms blogpost, Zoom not only offers 2FA but a host of other authentication methods such as SAML, OAuth, and/or password-based authentication, which can be enabled or disabled for an account based on user/admin preference. To enable the 2FA at account-level for password-based authentication, the admins need to follow these steps:
- Sign into your Zoom Dashboard.
- Go to navigation menu, first select Advanced, and then click on Security.
- Make sure the Sign in with Two-Factor Authentication option is enabled.
- Select one of these options to enable 2FA for:
- All users in your account:Enable 2FA for all users.
- Users with specific roles:Enable 2FA for specific user roles. Click Select specified roles, choose the roles, then click OK.
- Users belonging to specific groups:Enable 2FA for users in a specific group. Click pencil icon, choose the groups, then click OK.
5. Finally, once you are done click ‘Save’ to confirm your changes made to the 2FA settings.
The post Zoom Beefs Up Security with Two-Factor Authentication appeared first on CISO MAG | Cyber Security Magazine.
]]>The post 3 Critical Cybersecurity Gaps Enterprises Face with Collaboration Apps and How to Close Them appeared first on CISO MAG | Cyber Security Magazine.
]]>By Andrew Homer, VP of Security Strategy at Morphisec
Why? Most adversaries operate on a business model that will be familiar to those in the corporate world; they spend their time building exploits for tools that are widely used to maximize their return on investment and thus their profits. Now that collaboration tools like Zoom, Slack and WebEx are increasing in popularity, threat actors have started to focus on them. This is particularly concerning because collaboration app software providers often are not organized around quickly patching zero-days and hardening their software, largely because they have not needed to be before now. And it shows.
No less than Google, SpaceX, and even NASA, recently banned their remote employees from using Zoom. Shifts from such prominent organizations have shined a spotlight on the widely popular video conferencing tool’s security flaws. While “ZoomBombing” trolls can certainly be embarrassing, those are more pranksters than serious threat actors. What those news stories do, however, is highlight Zoom’s vulnerabilities in the face of sophisticated ransomware, zero-day attacks, and malware targeting their current weaknesses.
Just a couple of weeks ago, Morphisec Labs researchers presented a discovery that the Zoom app itself can be used as a delivery tool for recording and stealing information. A sophisticated attack using a trusted collaboration application like Zoom is particularly alarming because it is trusted, signed, and perhaps even whitelisted in some cases. As a result, an attack via Zoom likely will not flag any alarms on detection logic that might be thrown with other recording software. Traditional antivirus software would have no remedy for defending against this type of breach. This is just one example. Another is that Zoom is vulnerable to a classic Windows ‘UNC path injection’ revealed by a former NSA hacker, which was exploited to allow remote attackers to steal victims’ Windows login credentials or take control of the computer to run commands.
Three Critical Cybersecurity Gaps
Although Zoom is the video conferencing app most often in the news right now, its security weaknesses are not unique amongst collaboration apps. If anything, the only reason Zoom is in the news for exploits is because of its exponential user growth; threat actors see the higher user counts and likely decided to focus on building exploits to cash in. With that in mind, let’s go through what three of the biggest cybersecurity gaps are right now with collaboration tools like Zoom.
1. Collaboration Apps Cannot Patch Vulnerabilities Fast Enough
For the past 20 years, Microsoft Word and Adobe Flash have been two of the most targeted applications for cybercriminals. The reason is that these two pieces of software are ubiquitous, which appeal to financially-motivated cybercriminals looking to get the best ROI for their efforts. As a result, Microsoft and Adobe both have armies of security experts on staff to plug vulnerabilities as they appear.
With spending on collaboration applications predicted to exceed $48 billion by 2024, it’s no wonder that cybercriminals see dollar signs in this segment. Unfortunately, collaboration apps are not structured to quickly patch security flaws. The reason is simple: they haven’t been targets until now because their user numbers weren’t high enough to attract threat actors. The other problem facing collaboration app vendors is that there is a severe shortage of security experts worldwide and there are not enough tools to quickly and efficiently find flaws in these tools.
Exploiting collaboration apps can lead to remote code execution, which allows the adversary to run their malicious code on the infected machine. For example, Slack recently experienced an exploit that allowed the adversary to completely exfiltrate messages, contact lists, and every other form of data tied to the messaging application. Zoom has also recently reported several zero-day attacks, including the UNC path exploit and one that enabled attackers to install malware on targeted machines.
With unknown zero-days making up 80% of successful attacks, these widely used tools and their users are relegated to a helpless position.
2. Higher Risk of Browser-Based Attacks
Coupled with risky patching processes is a much higher risk of browser-based attacks, especially for applications like WebEx, Go to Meeting and Zoom that are accessible via a browser. This vulnerability exists because video conferencing and collaboration tools require their own code to be loaded into the browser to support their functionality. As a result, the risk of attack remains high since these vendors do not yet heavily invest in secure coding. This can lead to an attacker abusing the loaded code to eventually remotely execute code on behalf of the browser.
While sandboxing within some browsers may make this method better than relying on the applications, a recent report from Positive Technologies found that in nine times out of 10, hackers are able to easily attack website visitors and a whopping 82% of web application vulnerabilities lie in the web application’s source code.
This high risk of vulnerability via the web browser should give any IT security professional pause. Browser attacks such as drive-by downloads and browser-based phishing are at high risk with collaboration apps. This is especially true today given how exposed many of these applications are to threat actors and the rise in WFH employees.
3. Increased Risk of Successful Social Engineering Attacks
Phishing emails are the most used malware delivery mechanism today. In fact, internal data from Morphisec illustrates phishing campaigns are skyrocketing as malicious parties look to take advantage of a captive audience of work-from-home employees. Between March 8 and April 12, Morphisec saw phishing and adware attacks soar from just 2,000 dt per week to more than 90,000 dt per week.
Collaboration apps, in particular messaging tools like Slack and Microsoft Teams, provide new avenues for these bad actors to deliver phishing attacks and act upon them, while video conferencing apps especially run the risk of being used for social engineering. A successful attack in this context could result in credential-stealing on a remote employee’s machine and, if the user is an admin, the attacker could further their goals in a more streamlined manner.
Of course, adding fuel to the fire is the almost 2,000 domains containing the word ‘Zoom’ that have been created so far this year — even though Zoom isn’t the only target. Enterprises need to be wary of a magnitude of new phishing websites that have been developed to exploit vulnerable WFH employees and even parents homeschooling their children.
Attackers can use phishing tactics on remote employees to have them install a remote desktop tool, which can then be leveraged to deliver a payload. Just a few short months ago, it was discovered that ConnectWise Control was being abused to deliver the Zeppelin ransomware. So as business operations become virtual, safe browsing behavior becomes more important than ever.
How to Close Collaboration Apps’ Gaps and Counter Higher Security Risk
The world is in the middle of the greatest work-from-home experiment of all time as a result of COVID-19, and collaboration applications will only grow in importance as many enterprises recognize the financial benefits of remote working. This presages a corresponding increase in security risk, which CISOs and other security executives need to account for. To close the security gaps in collaboration apps, companies should:
- Implement basic security hygiene measures such as two-factor authentication for password protection where possible. Also, make sure to standardize on a single video collaboration tool and set it as a hard-line policy among employees. This will help prioritize patching efforts, as well as how to plan for upgrading legacy systems and applications. This is often only a minor inconvenience for employees and goes a long way to prevent breaches.
- Deploy more proactive defense mechanisms that can protect against malicious use of collaboration applications, unlike traditional antivirus protection. Moving target defense is one example of this type of solution, which morphs application memory and protects collaboration apps from cyberattacks by changing the structure of the application on the endpoint. This changes the targeted application from a known to an unknown, complicating the job of the hacker as suddenly they are unable to identify the target application. This also instantly protects collaboration apps against the in-memory exploits, new zero-days, fileless attacks and evasive malware that we expect to proliferate in the coming month.
- Harden endpoints in a deterministic and automatic way to ensure full business continuity against an attack. This is a core feature of moving target defense, enabling security teams to protect applications without human intervention. This makes it easier for remote workers to access the collaboration tools they need when they need them.
Protecting Enterprises from the New Zero-Day Frontier
Despite their importance for enterprises, the reality is that collaboration applications are often unequipped for prime time. Slack, Zoom, Microsoft Teams, WebEx, Go to Meeting, and other tools all have their security flaws and will continue to be exploited now and in the future.
Compared to most other enterprise applications, they simply lack robust security posturing, making them particularly vulnerable to zero-day attacks and evasive malware. But they need to be protected more effectively against the worst cyberattacks. And this is what moving target defense excels at, including automatic hardening of remote endpoints that enable work from home employees to access the collaboration apps they need to be productive.
Moving target defense looks tailor-made for this moment, but the protection it provides only lasts as long as the collaboration apps remain in the company toolkit. Far from being an asset just to survive through COVID-19, MTD is — and should be — the centerpiece of an effective, enduring endpoint security strategy.
About the Author
Andrew Homer is VP of Security Strategy at Morphisec and has numerous years of hands-on experience creating strategic technology partnerships and leading teams through growth phases. Prior to Morphisec, he was Director of Business Development and Technology Alliances at RSA, where he led the company’s technology ecosystem, strategic alliances and embedded OEM partnerships. Homer has also held business development positions at Dell, EMC and VMware.
Disclaimer
CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.
The post 3 Critical Cybersecurity Gaps Enterprises Face with Collaboration Apps and How to Close Them appeared first on CISO MAG | Cyber Security Magazine.
]]>The post 4 Critical Responsibilities of a CISO Post COVID-19 appeared first on CISO MAG | Cyber Security Magazine.
]]>By Rudra Srinivas, Feature Writer, CISO MAG
The new cybersecurity priorities post COVID-19 that will become the new normal for most CISOs, will include:
1. Securing Remote Employees
With organizations working remotely, the security of employees’ devices became a major concern for security leaders across the globe. There was a rise in the need to secure endpoints, as multiple access points from multiple locations are connected to a corporate network. However, the lack of security in remote work environments exposes vulnerable devices to potential cyberattacks. New security policies have been created and certain permissions are relaxed due to the swift change in the remote work culture. Several industry experts stated that the surge in remote work increased the risks of cyberthreats like never before. The ongoing crisis forced CISOs to work uphill in order to meet the risk assessments.
2. Quick Actions Required
The ongoing crisis has forced organizations to go digital, overlooking potential cyber risks. These sudden developments could lead to cyberthreats like DDoS, defacements, and data breaches. At this point in time, it is essential for CISOs to patch the holes in their network security as quickly as possible. This indicates that product research, purchasing tools, testing, developing, and deployment should ramp up quickly. CISOs across the globe are now looking for security tools that are configured instantly and easily to prevent new cyber risks.
3. Tackling New Attack Vectors
The threat actors have reinvented their attack approaches during the ongoing pandemic. COVID-19-related phishing scams, disinformation campaigns, weaponized websites, and malware infections have become widespread across the internet. Recently, a security firm discovered that threat actors distributed malware disguised as “Coronavirus Map” to steal personal information that is stored in the user’s browser. Attackers designed multiple websites related to Coronavirus information to prompt users to click/download an application to keep themselves updated about the situation.
In addition, the number of ransomware attacks on remote workers has also increased in recent times. Ransomware operators are forcing companies to pay a high ransom in order to get decryption keys. According to a recent survey, the average enterprise ransom payments increased 33% ($111,605) in Q1 of 2020 from Q4 of 2019.
4. Security Concerns with Third-Party Applications
Endpoint security at home is not as secure as it is in the office. Large swaths of remote workers are depending on third-party video conferencing apps, cloud-based productivity tools, and other virtual private networks during the lockdown. These are, in turn, exposing remote workstations to potential vulnerabilities that already exist within these applications. Malicious actors are misusing the crisis to exploit the loopholes in third-party products and services. Several privacy and security concerns associated with these apps resulted in severe criticism and cyberthreats globally.
For instance, the Zoom videoconferencing app was flagged unsafe due to its vulnerability to cyberthreats. Over 500,000 account credentials of Zoom users are being sold on the darknet. According to a research, hackers have shared a database containing more than 2,300 usernames and passwords of Zoom accounts on dark web forums. The FBI slammed Zoom for not maintaining proper privacy and security measures for its users. The authorities also warned that the video meeting app is prone to hacking, as it contains certain unpatched bugs.
Conclusion
When employees work from office, they are protected by a strong security infrastructure that has been put up in corporate network systems. But when the same workstation is operated from a different location and different network, it automatically increases the level of risk. At this moment, it is crucially important to build an integrated cybersecurity architecture to secure the remote workforce. It is certainly a greater challenge for security leaders to monitor and protect the employees against malicious attacks with new demands coming in due the changing business model.
About the Author
Rudra Srinivas is part of the editorial team at CISO MAG and writes on cybersecurity trends and news features.
The post 4 Critical Responsibilities of a CISO Post COVID-19 appeared first on CISO MAG | Cyber Security Magazine.
]]>The post How to Prevent Zoom Credential Theft appeared first on CISO MAG | Cyber Security Magazine.
]]>Affected accounts included ones from colleges such as the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida, and even well-known companies such as Chase, Citibank, and more.
In this article, I’ll talk about how the zoom credential theft occurred, the security flaws that facilitated it, and how you can prevent it from happening to yourself.
By Robert Mardisalu, Co-founder & Editor of TheBestVPN.com
A History of Zoom’s Privacy and Security Flaws
As the COVID-19 pandemic pushed more and more people to self-isolate, Zoom found itself gaining millions and millions of users. The platform has seen daily meetings surge from 10 million in December to 300 million today. Unfortunately, this surge in popularity carried with it an increase in privacy risks.
The first of Zoom’s privacy and security flaws surfaced late last month when it was revealed that Zoom’s iOS app was sending user data to Facebook.
Soon after, reports of classroom Zoombombing involving a swastika sign led the FBI to issue a public warning about Zoom’s security issues. More bugs then started showing up.
One Windows-related bug was discovered to have exposed users to password theft. Another bug allowed bad actors to take control over a Zoom user’s microphone or webcam. One more bug allowed Zoom to gain root access on MacOS desktops — a particularly risky fact.
It was then eventually discovered that Zoom doesn’t use end-to-end encryption as promised and that it was leaking users’ email addresses and photos to strangers through their “company directory” feature.
The following days then revealed more issues like Zoom’s data-mining feature, video call records left viewable on the web, calls “mistakenly” routed through Chinese whitelisted servers, and the discovery of a link to a collection of 352 compromised Zoom accounts in the dark web.
It was just a week after this latest discovery that Cyble found more than 500,000 Zoom accounts on hacker forums.
How the Zoom Credential Theft Occurred
Cyble, a cybersecurity firm, was the first to discover the credentials being sold on hacker forums around April 1, 2020. Cyble then reported this discovery to BleepingComputer.
Apparently, Zoom accounts were being posted on the forums to gain a reputation around the hacker community. Some accounts, like the ones from various colleges, were given for free. Others were sold for $0.002 each.
The stolen credentials included email addresses, passwords, personal meeting URLs, and host keys that allowed threat actors to enter meetings and carry out Zoomboming attacks.
Upon this discovery, Cyble bought 530,000 credentials to warn their owners of the impending threat. When contacted, one exposed user said that the stolen password was an old one. This raised the likelihood that some credentials were stolen through older credential stuffing attacks.
The bad actors got the credentials from accounts leaked in older data breaches and attempted to use them to log in to Zoom. All successful logins were then compiled into the lists that were posted on hacker forums.
Some accounts were given for free to be used in Zoombombing pranks while others were sold in bulk at less than a penny each.
How to Avoid it?
Since these credentials were exposed through credential stuffing attacks, the best way to protect your Zoom account is to change your password. If you’ve had your Zoom account before the pandemic lockdowns started, you might need to change your password now.
This should come as old news, but it’s been ignored enough to warrant a reminder:
Use strong and unique passwords
Strong passwords should be a combination of upper- and lower -case letters, numbers, and symbols. Use a different strong password for each online account — never use the same password twice. Perhaps use a password manager app to generate and keep strong passwords for you.
You can make sure your emails or usernames have not been included in any data breach by checking on data breach-notification services like Have I Been Pwned or AmIBreached. These services will show if your username or email has been exposed and from which company they were stolen from.
In their statement to BleepingComputer, Zoom said that it’s common for bad actors to target web services that serve consumers with this type of activity (credential stuffing). “This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems” they added.
Zoom also stated that they’ve already hired multiple intelligence firms to find the password dumps and tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.
Zoom is still investigating, locking compromised accounts, asking users to change their passwords to something more secure, as well as looking to implement additional tech solutions to aid in their efforts.
About the Author
Robert Mardisalu is the co-founder & editor of TheBestVPN.com, a computer security professional, privacy specialist and cybersecurity writer. He has authored many insightful blogs that help readers to think beyond the surface.
Disclaimer
CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article
The post How to Prevent Zoom Credential Theft appeared first on CISO MAG | Cyber Security Magazine.
]]>The post India Flags Zoom App as Unsafe, Releases Advisory for Safe Use appeared first on CISO MAG | Cyber Security Magazine.
]]>The advisory asked government representatives to avoid using the Zoom platform for official purposes, citing it as unsafe. The advisory also listed certain guidelines for safe usage of Zoom by private entities and individuals for unofficial purposes. These include:
- Set new user ID and password for each meeting
- Enable the meeting room
- Disable join before host
- Allow screen sharing by host only
- Disable allow removed participants to re-join
- Restrict or disable file transfer option
- Lock meeting once all attendees have joined
- Restrict the recording feature
- End meeting (and not just leave, if you are the administrator)
In response to the Indian government’s advisory, Zoom authorities stated that the company is discussing potential ways to reinstate the confidence of Indian users on its platform. It also plans to bring the end-to-end encryption on the platform for video meetings, which is only applicable to the textual conversations so far.
The latest move comes after several companies warned about security issues from using Zoom. Recently, Germany and Taiwan have banned the use of Zoom in their nations. The New York City officials stated that schools in the City will no longer be allowed to use Zoom for online teaching. Also, the Australia’s Defense Force and its MPs are barred from using Zoom services.
Security Flaws in Zoom App
Security researchers claimed that the Zoom application is vulnerable to remote attacks. According to cybersecurity expert Mitch@_g0dmode, Zoom’s video conferencing software for Windows is vulnerable to “UNC path injection” flaw that could let hackers steal Windows passwords and execute arbitrary commands on their devices. Soon after the vulnerability was identified, the company fixed the issue by releasing a patch. The CEO of Zoom, Eric Yuan, addressed the security issues and stated that a patch has been released to fix the UNC vulnerability. The fix will be pushed out automatically to all the users.
The post India Flags Zoom App as Unsafe, Releases Advisory for Safe Use appeared first on CISO MAG | Cyber Security Magazine.
]]>The post Hackers Sell Thousands of Zoom User Account Credentials on Dark Web appeared first on CISO MAG | Cyber Security Magazine.
]]>The exposed database contains usernames and passwords of personal Zoom accounts, including corporate accounts belonging to banks, consultancy companies, educational facilities, software vendors, and healthcare providers.
In addition to the credentials, some of the accounts include meeting IDs, email and passwords, names, and host keys. Researchers also highlighted that they’ve found various posts and threads of dark web forum members discussing different approaches of targeting Zoom’s conferencing services.
This will be one more blow for Zoom, as the company is already suffering severe criticism and cyberthreats globally. Recently, a cybersecurity expert Mitch@_g0dmode discovered that Zoom’s video conferencing software for Windows is vulnerable to “UNC path injection” flaw that could let hackers steal Windows passwords and execute arbitrary commands on their devices. Soon after the vulnerability was identified, the company fixed the issue by releasing a patch.
The FBI has also slammed Zoom for not maintaining proper privacy and security measures for its users. The authorities also warned that the video meeting app is prone to hacking, as it contains certain unpatched bugs.
Taiwan Government Bans Zoom
The government of Taiwan announced a ban on the official use of Zoom. In an official statement, the Executive Yuan stated that all government agencies and certain non-government organizations are restricted to hold video conferencing calls using Zoom, citing security and privacy concerns. As an alternative, the government recommended agencies to use video conferencing software offered by other companies, like Google and Microsoft.
Taiwan is not the only one to bar Zoom services. Recently, New York City officials stated that schools in the City will no longer be allowed to use Zoom for online teaching. Australia’s Defense Force and its MPs are also barred from using Zoom services.
The post Hackers Sell Thousands of Zoom User Account Credentials on Dark Web appeared first on CISO MAG | Cyber Security Magazine.
]]>