Amidst the COVID-19, when the companies have resorted to virtual meetings as a new normal to keep the businesses moving, the schools and colleges have likewise turned to virtual classes, this surge has resulted in 200 Million connections to Zoom every day in the month of March 2020, while in the same month last year, the engagement stood at an average of 10 Million connections per day. This colossal increase of adoptions has made Zoom a sweet spot for the hackers. In the recent attack references, termed as ZoomBombing, the hackers disrupt the ongoing Zoom with the issues like:
- Uninvited guests join the meeting and not only access to the screenshots, ongoing presentations, but also start showing the unsolicited content.
- Cause the disturbance in the meeting with unusual noise, comment, inputs or even drop some malware or pornographic materials, etc.
- Create chaos so that the Host is forced to end the Meeting.
The attackers either steal or distribute the Zoom Meeting IDs/Links to invite the uninvited guests to disrupt the meeting rooms. The distribution of the stolen Meeting IDs/Links along with the meeting passwords are distributed using the forums such as Twitter, Reddit, Discord, etc. Our researchers have highlighted another pattern, where any of the invited students engage with the hackers in connivance to cause disruptions to their own classes. Ministry of Home Affairs, Govt. of India has issued an advisory in this context on 16 April 2020 and we solicit you to have a look into the suggested measures.
Besides this, our cybersecurity research team recommends the following best practices to mitigate the risk:
- Strengthen the passwords for the Zoom Host accounts, or preferably use your Google or Facebook authenticated session to login to Zoom (as Zoom supports the Federated Identification from Google Mail, FB, etc.). Multi-factor authentication facilitated through Google Mail Login may offer additional security for the host of the meetings.
- Make sure to update the latest security patches for the Zoom that are installed on the host and attendees’ client app devices.
- Utilize available security configurations/settings, some of which can be exercised by the host prior to a session like disabling people from joining a call before the host, enabling a co-host, disabling file transfers to avoid sharing viruses, and disabling anyone from joining or rejoining a call once it has started.
- Avoid the recordings on the Zoom session until absolutely essential. In the event of the recordings, use the custom nomenclature for the recorded files instead of the default names.
- Installed and Updated Antivirus on the Host and Attendees will facilitate the protection against any potential malicious code or harmful Weblink dropped by the hackers in the compromised Zoom session.
- In case the attendees are children, it is suggested that the additional security configuration for enabling the Parental Control feature of the Updated Antivirus. This will protect against the launched pornographic links in the compromised Zoom session.
- Set control & access permissions for the attendees to allow their minimum required activities. In the schools and university classes over Zoom, sharing of the screen by attendees is a seldom requirement, therefore the strict measures of Host-Only can share the screen should be configured.
- Prefer using a client to site VPN sessions instead of Zoom in high privacy requirements.
- Use very strong passwords on the Wi-Fi or Broadband routers to avoid the broadband device takeover (at the site of a host or any attendee) by the hackers through a compromised Zoom session.
- Keep your Webcam off, if not required. Also, make sure to turn it off after the meeting is over.
- In the role of a host or presenter, beware of who is accessing the shared content, unwanted attendees, and the likelihood of unwanted attendees may share malicious/phishing content/files/links.
- Avoid keeping your meetings open to anyone and making sure that the security practices are followed by attendees prior to as well as during the meeting.
- Follow the best security practice policy chalked by your respective organization for endpoint & network security. You may have come across such policies during staff training related to security awareness.
- As the MHA, Govt. of India, has placed the Zoom App in the risky apps category, we solicit you to learn more about it at the following link: http://18.104.22.168/WriteReadData/userfiles/comprehensive-advisory-Zoom-%20meeting%20platfom-20200412-(2).pdf
Additional references associated with Zoom Security issues that have been reported recently are:
- Perpetrators record the meetings & release it publicly social media channels like TikTok.
- On April 1st, a (former NSA) hacker released two new Zoom 0-days that enable a hacker with local access to a Zoom session to take over the software to install malware
- The session recordings were easy to find and accessible on the web due to the naming scheme used by Zoom to create the files of video recordings.
- Over 500,000 Zoom accounts have been hacked and sold on the dark web. https://www.firstpost.com/tech/news-analysis/over-500000-zoom-accounts-have-been-hacked-and-sold-on-the-dark-web-report-8261581.html
- No end to end encryption on Zoom for iPhone https://www.gadgetsnow.com/tech-news/apple-iphone-users-why-you-may-want-to-avoid-zoom-app/articleshow/74915075.cms?utm_source=toimweb&utm_medium=referral&utm_campaign=toimweb_hptopnews
- Zoom quietly installed a hidden web server on Macs.
For Latest Updates/Patches on Zoom, visit:
- Apple iOS –
- Apple Mac –
- Android gadgets –
- Windows PCs –
For any additional queries or cybersecurity concerns, you may reach out to our Purple Team at [email protected]
PurpleSyanpz® – A Cyber Security Research and Training Lab, is a proud venture of QOS Technology, an award-winning and one of the leading cybersecurity consultants in Asia. For any business inquiry, you can reach to their team at [email protected]