Wie Zoombombing lehrreiche Momente für Cyber-Sicherheitsteams bietet

Druckfreundlich, PDF & E-Mail

Most of the instances of conference calls being hacked, popularly known as Zoombombing, are from a cybersecurity perspective a self-inflicted wound. The fact that malicious actors could, for example, use publicly posted meeting links, guess meeting IDs, and discover personal meeting IDs posted online to join a meeting uninvited is not some newly discovered set of vulnerabilities. It’s only been with the need for large swaths of the population to remain at home that these issues are coming to the fore. Zoom, as the most popular video collaboration platform of the moment, is naturally at the center of the storm.

There are, of course, ways to better secure these meetings by requiring passwords and checking identities of individuals before they are allowed to join a video call. Organizations that make use of these platforms can also make use of identity and access management (IAM) tools and multi-factor access controls to restrict who can access a conference call.

Of course, not every organization has these processes and tools in place. Many organizations, ranging from Google to the Department of Education for New York City, have outright banned the use of Zoom. Others are casting about looking for alternative platforms that they hope will be more secure.

The degree of comfort any organization will have with any of these only platforms is going to vary based on the use cases involved. Most instances of Zoombombing are little more than pranks. However, there are malicious actors out there eavesdropping on these calls. Their goal is not to disrupt but rather to steal intellectual property. With that issue in mind, cybersecurity teams need to go well beyond simply trying to limit access. Additional cybersecurity issues impacting these platforms include:

  • Network Security: Conferencing endpoints and platforms require their own Session Border Controller (SBC) to manage traffic, including looking out for and blocking suspicious connections. Firewalls also need to be configured properly and network settings regularly reviewed.
  • Application Security: Many of these platforms expose application programming interfaces (APIs) that an application invokes. With more cybercriminals focusing their efforts on APIs as of late, collaboration platforms of all types in the cloud make for a tempting target. It’s also critical to remember to encrypt all the data that might be stored by any of these applications.
  • Distributed Denial of Service (DDoS) – Attacks against collaboration platforms intended to disrupt service to voice-over-IP (VoIP) calls are becoming more common.
  • Malware Distribution: Documents are routinely shared via conference calls, so it’s critical to make sure they have not been inadvertently loaded with malware.

As is often the case many business executives landed on Zoom as the collaboration platform of choice without considering the cybersecurity implications. Many of those same business executives have now also learned a valuable lesson. They may never have been a victim of zoombombing but by now they have all most certainly heard about it. The challenge and the opportunity for cybersecurity professionals are how now to turn that increased awareness into a truly teachable moment no one will hopefully ever forget.

Nach oben scrollen