With most employers shifting to a work from home (WFH) model, attackers are chomping at the bit to exploit the introduction of video-teleconferencing (VTC) into your environment. VTC programs such as Zoom, GoToMeeting, or Microsoft Teams are nothing new, and neither is their exploitation, but with much of the workforce now dependent on them, attacks are increasing.
Since VTC programs give remote workers the ability to conduct conference calls, stream video from their mobile devices, and share documents for collaboration, it should come as no surprise that attackers want the same access that legitimate conference attendees are given.
In the past few weeks, attackers have:
- Hosted legitimate-looking VTC web sites which, when used, allow them to gain access to your data and eavesdrop on conversations;
- Launched phishing campaigns that appear to come from real VTC software vendors with the intention of taking over/inviting themselves to meetings, launching malware, and more;
- Overloaded communication tools to take them offline or force them to fail open so that they can eavesdrop on calls;
- Taken advantage of vulnerabilities in existing software packages to hijack conference calls which can allow them to take over victim machines temporarily via remote desktop sharing, and much more; and
- Guessed meeting IDs in order to gain unauthorized access to in-progress conferences. One school in Norway stopped using VTC software after a man guessed the meeting ID and exposed himself to the children over the video call. (https://techcrunch.com/2020/03/26/norwegian-school-whereby/).
We are all getting used to the “new normal” of working from home and what that means for information security. Adjusting our normal security posture to a more aggressive one is required to ensure that your user and client data remain secure. There are several things organizations can do to ensure that the work from home model isn’t introducing unnecessary risk to the organization.
To protect yourself and your organization from attackers looking to exploit your teleconferences:
- Use reputable vendors for telework software. This means conducting your due diligence to verify the service offering aligns with your organization’s information security program and risk tolerance. Reputable products include WebEx, GoToMeeting, Microsoft Teams, Zoom, RingCentral Meetings, Amazon Chime and others;
- Restrict access to remote meetings, conference calls, etc. to only those who have a secret code or password if possible; and
- Remind users of social engineering tactics such as phishing which attackers will use to attempt to gain access to these teleconferences.
If you’re an Assura Virtual ISO, Managed Security Awareness and Training, Ransomware Protection Pack, or Election Protection Pack client, talk to your Assura point-of-contact to discuss user education to protect your organization from these attacks.
Stay safe, #flattenthecurve, and as always feel free to submit any questions you may have about this or any other cybersecurity matter through our website or to firstname.lastname@example.org.
The Assura Team