Atlantic-IT : Blog

New Jersey Cybersecurity

Rapid Switch to Zoom Means Rise in Cyberattacks on Platform

Switch to Zoom Means Rise in Cyberattacks

The rapid deployment of Zoom worldwide has allowed millions of employees to stay connected. As the company has experienced dramatic growth in its daily usage, it has also become the target of increased attacks.

In some cases, these attacks have been nothing but a nuisance. However, the increase in incidents has forced many companies to reevaluate how they use the popular videoconferencing service.

What Is Zoom?

Zoom is a videoconferencing platform that allows users to hold one-on-one meetings, group conversations, or webinars. It’s become a popular option as companies have quickly shifted to work-at-home arrangements for their employees. It’s been a popular choice among workers to remain connected to colleagues and customers.

The usage statistics are staggering. In April 2020, the platform exceeded 300 million daily users, up from 200 million daily users a month earlier. By comparison, its largest daily usage in 2019 was 10 million.

What Are the Security Issues with Zoom?

As Zoom usage ballooned, so too did attempts to exploit the technology. With so many new users unfamiliar with the tool, it was relatively easy for people to infiltrate meetings. These so-called “zoombombing” attacks allow unwanted attendees into gatherings. The “bombers” interrupt meetings by playing music, shouting profanity, or showing pornography.

While much of the “zoombombing” attacks have been nuisances only, hackers have also used Zoom to launch phishing campaigns.

BrandShield used an online threat detection system to identify 3,300 domains registered in 2020 alone containing the word zoom, with 2,200 registered in March alone. Fraudulent domains typically are a way that hackers launch phishing attacks, and 30 percent of the new zoom-related domains activated an email server, another sign of a phishing site.

The phishing scams are using fake emails to ask unsuspecting employees to share login credentials, reveal financial information, or pay bogus invoices. They are part of a persistent wave of phishing attacks drawing on fears of the COVID-19 health crisis and economic downturn. Unsuspecting employees, thinking an email or text is from an official source such as a business partner, health agency, or federal entity, unwittingly click on attachments or website links that release malware on computers and company networks.

What Is Zoom Doing About the Increase in Cyberattacks?

Zoom has responded with several key initiatives in the past two months. The company has halted all other features work to focus on security and privacy issues. Among the steps taken are:

  • Launching Zoom 5.0, with advanced encryption features to protect meeting data and prevent unwanted intrusions
  • Changing default security settings to require passwords and block screen sharing
  • Adding recommendations about using Waiting Rooms to screen guests before allowing them access
  • Fixing privacy issues with Facebook and LinkedIn apps that collected user information
  • Updating its privacy policy

What Can Our Business Do to Protect Users and Our Systems?

Employee education is the first defense against phishing and other cyberattacks. Hackers prey on vulnerabilities and our desire for information, especially in a crisis. Understanding what phishing attacks are and how to prevent them is critical.

Also, businesses should follow these tips to protect Zoom meetings:

  • Treat Zoom login credentials as you would any other sensitive business information. Do not share this information over the phone or email.
  • Do not post Zoom invitations on social media platforms or your website. Instead, privately email login information to participants.
  • Use a password for all your Zoom meetings.
  • Use the default Zoom settings for screen sharing, Waiting Rooms, and muting of video and audio features for participants. Add these features only as necessary.
  • Make sure links to Zoom meetings include the right domain — zoom.us

Atlantic-IT.net delivers cybersecurity solutions to companies in New York, New Jersey, Pennsylvania, and throughout the United States. To learn more about our IT support and security offerings, contact us today.