Andrew Gombar
Security Analyst, AaDya Security
The recent and abrupt pivot to a remote workforce has caused a significant increase in the use of web conference tools. And with the current federal recommendation to extend extreme social distancing practices until at least the end of April, this trend will likely continue. While these platforms offer a much needed communication method to help us stay connected with our teams, clients and even family and friends, they also increase our attack surfaces.
Unfortunately, malicious actors have quickly shifted focus to capitalize on this opportunity. You’ve likely seen recent reports describing “Zoom Bombing” used for everything from innocent pranks to the spread of disturbing imagery or hateful messages. There is also a growing concern over other privacy and security issues including phishing, malware and ransomware attacks. Thankfully providers are working on fixes, however many of these security concerns can be mitigated now, simply by ensuring correct security settings are in place.
What to watch out for:
- Emails offering a free trial from a web-based conference provider with links provided
- Emails saying there has been unusual activity on your account
- Notifications that your meeting attendees are waiting (when you do not have a meeting scheduled or started) that often comes during busy work times when you are more likely to have meetings
- Links to download applications
These are currently the most commonly used tactics, if you receive any version of the emails or notifications similar to those listed above, do not open or click on any of the links.
Simple steps you can take to stay safe and productive:
- Go directly to the source. If you wish to create an account with a conference provider, or have been notified of suspicious activity on your existing account, go directly to the provider’s website to sign up, or contact their customer service team to resolve the issue.
- Join meetings via trusted links. When joining meetings, go directly to your calendar or the provider’s application instead of joining from a link in an email or other notification.
- Enable single sign-on (SSO) or two-factor authentication. These should be turned on in the application’s security settings.
- Keep applications up-to-date. With the recent spike in increased usage, providers are working diligently to patch vulnerabilities. It is extremely important to install any updates as soon as they are available. You can typically find the version of software you are running in the “about” tab of the software and verify it is the newest version by comparing it to the version listed on the provider’s website.
- Use meeting passwords. To keep malicious actors out of your meetings, make sure your settings require a password to join.
- Enable features that restrict who can join. These features allow only people who have signed into a provider’s account to join any meeting(s) scheduled by you or your team. To provide an even greater level of security, you can restrict meetings to only allow people with specified domain names to join. This must be done by an administrator and only if you will be using these accounts strictly for inter-domain communication. If you need to communicate with customers or other partners outside of your organization’s domain, do not enable this feature.
- Make sure an administrator is monitoring the account. Most providers allow company administrators to join any ongoing meeting at any time where they can view the IP addresses, location data and device information of every participant of the meetings that occur within an organization. We encourage viewing these logs often to ensure no unwanted participants have joined your meetings.
As we continue to adapt to working away from our offices and colleagues, we must strive to meet the changing needs of our organizations and become even more vigilant with security practices. Whether it’s a threat related to the use of web conferencing tools, or the latest social engineering or phishing scams, AaDya is happy to offer our support. If you have any questions, please feel free to reach out to us at help@aadyasecurity.com.