The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool. According to MarketWatch, the company’s daily active user count was up 378% from a year earlier, as of March 22,
How Are Hackers Exploiting the Zoom Platform?
For many exploits, it starts with a website.
According to Check Point, more than 1,700 domains have been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.
Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.
It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.
“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”
What Is Zoom Doing to Protect Users?
Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:
- Zoombombing: Multiple incidents of “Zoombombing” have arisen in recent weeks. According to NPR, “…intruders hijack video calls and post hate speech and offensive images such as pornography. It’s a phenomenon so alarming that the FBI has issued a warning about using Zoom.” That’s led to wider use of passwords, waiting rooms, and muting controls. Never post a public link to a Zoom meeting.
- Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If participants used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed.
- Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information.
The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”
How Can You Protect Zoom Users from Cyberattacks?
Here are some tips to ensure that Zoom users are protected:
- Use password features to require meeting attendees to log in before being allowed access.
- Update the software. Upon finishing a meeting, the software will check to see if an update is necessary
- Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice.
- Be careful about recording meetings. The recording sits in a file, either online or the host’s computer, and could be stolen.
Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.