Apr 02
Keeping Zoom Secure - How to Stay Cyber-Savvy When Working Remotely

by Andrew Frisbie, Chief Information Security Officer at LCG-LLC

Zoom is a popular cloud communications application that is front-and-center in the COVID-19 response as we all shift to working from home. With all the attention, Zoom has been a popular topic of discussion among cybersecurity professionals and a popular target of bad actors. Here are two very current issues that many media outlets are writing about:


March 30, 2020 – Zoom Bombing Attacks
The FBI issued a warning of ongoing “Zoom-bombing attacks” on video meetings. “Zoom Bombing” occurs when an unscrupulous individual joins a Zoom video conference for the purpose of disrupting it. Zoom-Bombing has been used to inject profanities, pornography and other disturbing material into the meeting. To defend against Zoom Bombing, do the following:

Do not make meetings or classrooms public (use a password or use the waiting room feature to control guest admittance and access)
Do not share Zoom conference links on social media (provide links directly to attendees)
Manage screen-sharing options (for large meetings, where you are not likely to be able to view all the participants, disable participant screen sharing and allow “host only” screen sharing)
Keep your Zoom client software up to date (the January 2020 update from Zoom enabled meeting passwords by default and other critical vulnerabilities have been fixed in prior updates)

March 31, 2020 – Credential Theft
Various media outlets report that a user’s Microsoft Windows credentials can be stolen from within the Zoom client during an active meeting. Technically, this is not a Zoom vulnerability; it is a function of how Windows “UNC” paths work. The issue with Zoom is that it converts a UNC path into a clickable link, and clicking that link causes Windows to send your credentials to the remote computer. If the remote computer is under the control of a bad actor, they could capture this and potentially recover your password from it. Here’s how to deal with this issue:

Recognize the difference between a URL and a UNC path – A URL is something you are used to typing into your web browser, such as https://lcg-global.com. A UNC path begins with two backslashes “\\” and looks like this: \\192.168.1.1\foldername, where the numbers represent the IP address of a computer.
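The distinction above is exactly what a chat client has to make before it decides what becomes clickable. The following is an added example (not Zoom's code, and not from the original article) of a message renderer that turns http(s) URLs into links but leaves anything shaped like a UNC path as inert, escaped text, plus a finder that flags UNC paths for logging or moderation. The regular expressions, function names and sample messages are all assumptions constructed for this illustration.

```python
import re
from html import escape

# Assumed patterns for this example. A UNC path is two backslashes, a host
# (name or IP address), and optionally a backslash followed by a share/path.
UNC_RE = re.compile(r'\\\\[^\\\s]+(?:\\\S*)?')
# Only http(s) URLs are considered safe to make clickable here.
URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def classify(token: str) -> str:
    """Return 'unc', 'url' or 'text' for one whitespace-delimited token."""
    if UNC_RE.fullmatch(token):
        return "unc"
    if URL_RE.fullmatch(token):
        return "url"
    return "text"


def linkify(message: str) -> str:
    """Render a chat message as HTML, making only http(s) URLs clickable.

    UNC paths (and everything else) are HTML-escaped and left as plain text,
    so the client never offers a click that would make Windows authenticate
    to a remote host.
    """
    parts = []
    for token in message.split(" "):
        if classify(token) == "url":
            parts.append(
                f'<a href="{escape(token, quote=True)}">{escape(token)}</a>'
            )
        else:
            parts.append(escape(token))
    return " ".join(parts)


def find_unc_paths(message: str) -> list[str]:
    """Return every UNC path found anywhere in a message (for logging/review)."""
    return UNC_RE.findall(message)


# Constructed sample chat messages; the IP and share are placeholders.
SAMPLE_MESSAGES = [
    "Slides are at https://lcg-global.com",
    "Grab the file here \\\\192.168.1.1\\foldername\\report.docx",
    "Plain text with no links at all",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(linkify(msg))
        if find_unc_paths(msg):
            print("  UNC path(s) flagged:", find_unc_paths(msg))
```

The renderer deliberately uses an allow-list (only `http://` and `https://` become links) rather than trying to enumerate every dangerous path form, so a `\\host` reference with no share, or any other scheme, simply stays as text.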

The good news – Zoom issued a fix for the UNC injection issue on April 1 according to CEO Eric Yuan (see screenshot below). We tested sending a Zoom chat with a UNC link from a Windows computer to a Windows Computer and the UNC links were not clickable. 
The solution – 1) Update your Zoom client software now and 2) Turn off the chat function in your meetings.

[Screenshot: zoom.png]


Zoom is a good platform that has been pushed to the max, but like any other software you need to know how to use it and you need to be aware of its shortcomings. 


LCG is Big I New York's trusted cybersecurity partner. Learn more at https://lcg-global.com/iNY/.

In this webinar, our cybersecurity expert, Andrew Frisbie, Chief Information Security Officer at LCG-LLC, shares how to help protect your data, systems and agency while your team is working remotely.  Proper cybersecurity measures are critical to protecting your E&O exposure, NYS DFS compliance, and business operations. Watch the webinar.

LCG Discount

LCG is offering a 20% discount to the general public for certain cybersecurity services until April 30th. Your membership in BIG I NY earns you another 5% discount. Save BIG on compliance and security obligations for your 2021 filing. Learn more.
