Security Fridays: Week TenMichael Urgero 09/06/2020 Industry News
Web conferencing: Is your meeting secure?
This week we’re going to discuss what’s happened with Zoom Video Conferencing. The leak of user and subscriber credentials was critical but not as massive as the media has led people to believe. There were only about 2,300 credentials out of 12.92 Million monthly users. Yes, it is true that another person who possesses your credentials could gain unwanted access to your account and possibly details of calls and discussions had, but the likelihood of that being you is pretty small.
There are several things to consider when we talk about safety with conferencing apps. It’s essential to ensure that your conferencing app provides a new and never used conference meeting ID and access code every time you schedule a new meeting. Many services do this, and it will keep unwanted people from gaining access to live meetings. You’ll also want to explore the record options to determine if they happen in the cloud or locally on your PC during the meeting. Local recordings are far less vulnerable.
Try your best (and I know it’s hard) to keep your conference subscription as minimized as possible. At the time I’m writing this, I personally have five installed here. I really only use 1, but have the others for meetings that were originated by other parties. I don’t have subscriptions there, but get tempted sometimes, because I may like the way they function. Try to make a decision on one and stick with it if you can.
As far as Zoom bombing, credential stuffing, and other simplified attack methods, I’ll say the obvious, take care and validate the people in your meeting by roll-calling everyone and checking to make sure that you don’t have unwanted or unidentified people on the call. We’re all working remotely now, sometimes with people we’ve never worked with before, sometimes with the same people, but they sound different, and you may not be able to see everyone.
Attackers make every available effort and take advantage in times of confusion when things are rushed and not organized well. Take your time, move slowly, and make sure you are changing your subscription passwords often.
Read the article analysed here: www.threatpost.com/compromised-zoom-credentials-underground-forums/154616/