Zoom video conferencing advisory

Since the COVID-19 pandemic began, students and organizations have been using Zoom for teleconferencing and remote learning. Cybercriminals are taking advantage of this situation to gain access to sensitive information and even to disrupt sessions.

Risk:

  • Insecure use of the platform may allow cybercriminals to access sensitive information such as meeting details and conversations.
  • An unpatched bug in the Zoom Windows client lets attackers steal your Windows password.
  • Reports of VTC (video-teleconferencing) hijacking, also called "Zoom-bombing", are emerging in the US. The FBI has received multiple reports of conferences being disrupted by unsuitable content, hate images and threatening language.

Recommendations:

  • Ensure the Zoom software is up to date. Apply the latest patch available (4.6.9 at the time of writing). Refer to the link below for more information and updates: https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows
  • Download the Zoom client only from its legitimate source, zoom.us, and not from anywhere else, as malware and adware installers that pretend to be Zoom client installers are in circulation.
  • Keep meetings private, either by requiring a password for entry or by controlling guest access from a waiting room.
  • Always set strong, hard-to-guess passwords for all meetings and webinars, especially for meetings where sensitive information may be discussed.
  • Do not share a link to a teleconference or classroom in an unrestricted, publicly available social media post. Provide the link directly to specific people (invitees).
  • Do not take pictures of your Zoom meetings showing the Meeting ID and post them on social media. An adversary can use the Meeting ID to join your meetings. Use a randomly generated Meeting ID for each meeting rather than your Personal Meeting ID.
  • Manage screen-sharing options. In Zoom, change screen sharing to "Host Only".
  • Restrict or disable file transfers if they are not required.
  • In settings and controls, ensure removed participants are unable to rejoin meetings.
  • Lock the meeting once all your attendees have joined.
  • Restrict the recording permission ("Allow Record") to trusted participants only.
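The following Python helpers are an added example, not part of the BtCIRT advisory, that automate two of the checks above: whether a reported client version is at or past the 4.6.9 patch level, and whether a draft post or message leaks a meeting invite. The invite-link format (https://<subdomain>.zoom.us/j/<9-11 digit id>, optionally with a pwd= parameter that embeds the meeting password) and the "Meeting ID: 123 456 7890" wording are assumptions based on common Zoom invites, and the sample post is constructed for the example.

```python
"""Added example: Zoom patch-level check and meeting-invite leak scanner."""
import re
from typing import Dict, List, Optional, Tuple

# Minimum patched client version named in the advisory.
MIN_PATCHED_VERSION = "4.6.9"

# First dotted version in a string such as "Version: 4.6.10 (20033.0407)".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the first dotted version as a tuple of ints, or None.

    Comparing tuples of ints is the point: as strings, "4.6.10" < "4.6.9",
    which would wrongly flag a newer client as unpatched."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(version_text: str, minimum: str = MIN_PATCHED_VERSION) -> bool:
    """True if version_text is at or above the minimum patched release.

    An unparseable version is treated as unpatched (fail closed)."""
    have = parse_version(version_text)
    need = parse_version(minimum)
    if have is None or need is None:
        return False
    # Pad the shorter tuple with zeros so "4.6" vs "4.6.9" compares by position.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need


# Assumed invite-link format: https://<subdomain>.zoom.us/j/<9-11 digit id>,
# optionally carrying the meeting password in a pwd= query parameter.
_LINK_RE = re.compile(
    r"https?://(?:[\w-]+\.)*zoom\.us/j/(?P<id>\d{9,11})"
    r"(?:\?[^\s]*?pwd=(?P<pwd>[\w.-]+))?",
    re.IGNORECASE,
)
# Assumed wording for a bare ID, e.g. "Meeting ID: 123 456 7890".
_ID_RE = re.compile(
    r"\bmeeting\s*id\s*[:#]?\s*(?P<id>\d{3}[ -]?\d{3,4}[ -]?\d{3,4})",
    re.IGNORECASE,
)


def find_meeting_leaks(text: str) -> List[Dict[str, object]]:
    """List every invite link or bare Meeting ID found in text.

    A link with the password embedded (pwd=) is the worst case: posting it
    publicly hands out the password the advisory tells you to set."""
    leaks: List[Dict[str, object]] = []
    for m in _LINK_RE.finditer(text):
        leaks.append({
            "kind": "link",
            "id": m.group("id"),
            "password_embedded": m.group("pwd") is not None,
        })
    for m in _ID_RE.finditer(text):
        leaks.append({
            "kind": "id",
            "id": re.sub(r"[ -]", "", m.group("id")),
            "password_embedded": False,
        })
    return leaks


# Constructed sample of a post that should never go on public social media.
SAMPLE_POST = """\
Join our class tomorrow! https://us02web.zoom.us/j/1234567890?pwd=c3VwZXJzZWNyZXQ
Backup room: https://zoom.us/j/98765432109
Or dial in with Meeting ID: 555 123 4567
"""

if __name__ == "__main__":
    for reported in ("4.6.8", "4.6.9", "4.6.10", "5.0.0"):
        print(reported, "patched" if is_patched(reported) else "UNPATCHED")
    for leak in find_meeting_leaks(SAMPLE_POST):
        print(leak)
```

Run the file to see the version verdicts and the three leaks in the sample post; the first link is flagged with password_embedded=True because its pwd= parameter makes the link alone sufficient to join.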


Contact: +975-02-338606, Email : cirt@btcirt.bt

References: 

https://www.cert.gov.lk/alert_info.php?id=164

https://www.cert-in.org.in/

https://www.us-cert.gov/ncas/current-activity/2020/04/02/fbi-releases-guidance-defending-against-vtc-hijacking-and-zoom