01 Apr 2020

With the Coronavirus raging, more people are working remotely than ever before. That means more people are using online platforms to conduct meetings, share work and generally communicate with co-workers.

Unfortunately, that also means more hackers than ever are able to take advantage of employees working from home.

One such platform that is really taking off in the midst of this pandemic is “Zoom,” which has more than 13 million users each month, and an additional 74,000 regular customers, an increase of over 500%.  It is by far one of the most-used business communication platforms of its kind, offering video and audio conference calling, virtual meetings, webinar options and a host of other features, making it extremely popular with students, businesses and government employees across the globe, especially during this time of international social distancing.

Cybercriminals are well aware of this, and they have wasted no time in exploiting the massive increase in Zoom use. They have not only started registering fake Zoom domains, but have also begun creating and distributing malicious Zoom files, all in the hopes of enticing at-home workers to install viruses onto their devices. There have been 1700+ new “Zoom” domain registrations since the onset of the virus, a quarter of which have been registered in just the past week!

Zoom is not the only business experiencing an increase in malicious domains.  As we wrote about previously, hackers are also using fake Coronavirus domains to lure their victims in, and with pretty much every school in the nation being closed, researchers have also found phishing sites for legitimate online learning platforms, such as Google Classroom.

These hackers have NO SHAME.  From phishing campaigns to malicious tracking apps, they have no qualms about profiting off of a worldwide crisis.

Zoom iOS Fixes

Zoom is no stranger to controversy. For example, just last year, they were forced to fix a vulnerability found within their app that allowed websites to hijack users’ webcams, forcing the user to join a Zoom call with no permission needed.

Then in January of this year, Zoom patched another security hole that allowed bad actors to just guess a meeting ID and then join in on a meeting, giving them unbridled access to private audio, video, and documents. This gave rise to “Zoom Bombing,” where hackers would infiltrate video meetings and shout racial slurs or threats. And though Zoom finally fixed that issue by making it so that passwords must be entered manually before participants can join a meeting, and released instructions on securing your meeting, the FBI is looking into it, as of March 30.

And finally, just this past weekend, Zoom potentially got itself into some really hot water. They were caught sending device information and a unique advertiser identifier to social media giant Facebook via Facebook’s software development kit (SDK). Though they have since updated their app, it raised some major red flags, considering that they completely failed to disclose this data sharing in their privacy policy.

Other Zoom Privacy Concerns

And there are other privacy concerns, as well… So much so that they have been called not only a “privacy disaster” but also “fundamentally corrupt” by various security experts for:

Participant Surveillance

Currently, Zoom hosts are able to see if participants have their Zoom video window active, meaning they can track whether the participants are paying attention or not, and Administrators are also able to view participants’ IP addresses, location data, and device information.

Lack of Encryption

Zoom literally lied about this by saying they did use end-to-end encryption, which should secure communication to the point where only users have access to it, but research conducted by The Intercept found that to be a complete fabrication. Zoom “clarified” this past Wednesday in a blog post, stating that they don’t use end-to-end encryption because it isn’t possible on their platform. They then so kindly apologized for any confusion that may have been caused when they “incorrectly” stated they could.

Not good!

We aren’t going to tell you not to use Zoom, because that would be hypocritical of us, considering we use it, as well.  But there are steps you can take to safeguard yourself from these violations of privacy:

  • Make sure you keep your apps up-to-date in order to patch any potential holes in security.
  • Be vigilant when opening any emails or downloading anything sent from unknown addresses and seemingly legitimate domains that contain spelling errors.
  • NEVER open unknown attachments!!
  • NEVER click on promotional links in emails, and remember… the cure for Covid-19 is not going to magically appear in your inbox.
  • ONLY order your goods and services from authentic sources.
  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s teleworking policy or guide addresses requirements for physical and information security.
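The advice above about fake Zoom domains and "seemingly legitimate domains that contain spelling errors" can be partly automated. The following is an added example, not code from Zoom or Check Point: a small Python check that sorts a meeting link into trusted, suspicious or unrelated. The `TRUSTED` list, the digit swaps and the sample links are assumptions chosen for illustration, and a "suspicious" result means the link deserves a second look, not that it is proven malicious.

```python
from urllib.parse import urlsplit

# Assumption: domains your organization accepts as genuine Zoom hosts.
TRUSTED = {"zoom.us", "zoom.com"}
BRAND = "zoom"
# Constructed digit-for-letter swaps often seen in look-alike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'trusted', 'suspicious', 'unrelated' or 'invalid' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # "https://zoom.us@other.example/" really goes to other.example.
    if parts.username is not None:
        return "suspicious"
    # Trusted only when the host IS a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Otherwise look for the brand, or a near miss, in any piece of the host.
    for label in host.split("."):
        for token in label.split("-"):
            norm = token.translate(SWAPS)
            if BRAND in norm or edit_distance(norm, BRAND) <= 1:
                return "suspicious"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; .example hosts are reserved for documentation.
    for link in ("https://us02web.zoom.us/j/0000000000",
                 "https://zoom.us.meeting-login.example/j/1",
                 "https://z00m-us.example/", "https://classroom.google.com/"):
        print(classify_link(link), link)
```

The near-miss rule will also flag harmless words that sit one letter away from the brand, so treat the result as a prompt for manual review rather than a block list.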

According to Omer Dembinsky, Manager of Cyber Research at the software company Check Point:

The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure, and exploit. Each time you get a Zoom link or document messaged or forwarded to you, I’d take an extra look to make sure it’s not a trap.

Please don’t forget: bad actors don’t care about you, your health, or the welfare of anyone in the world. We here at Petronella Technology Group offer state-of-the-art cyber security training to help keep you and your staff safe while they are working from home. Call us at 919-422-2607 if you have any questions. You can also schedule a free consultation by clicking here. You can also download our FREE Remote Security Checklist, which provides you with simple instructions on adding layers of security to your home office.

And most importantly, stay safe out there.

 
