View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
March 31, 2020updated 01 Apr 2020 9:01am

Beware of “Zoom Bombing”: Corporates at Risk of Malware, Unexpected Porn

Problem now bad enough for FBI to issue a warning...

By CBR Staff Writer

A new level of corporate trolling has entered the vernacular: “Zoom Bombing”, or the act of jumping uninvited into video conferences with the intent of disruption, often by sharing graphic pornography. The problem has got so bad that the FBI this week issued warnings and safety guidelines for organisations to avoid it.

Zoom bombing predominately happens to public Zoom conferences in which the host has not adjusted screen sharing settings, which, by default let any attendee share whatever content they wish with participants on the call.

Toni Vitale, head of data protection at JMW Solicitors LLP, told Computer Business Review: “If the zoom reference number is shared on social media and the host fails to set screen-sharing to ‘host only’, this can allow uninvited guests to screen-share pornography or other disturbing imagery. Meeting hosts should also disable ‘file transfer’ to prevent any malware being shared.”

Online services have never been in more demand amid the COVID-19 pandemic, as countries lock down public movement, and Zoom’s video conference technology is being widely adopted, even at the highest levels of the UK government.

(As specialist global financial adviser James Green of deVere Group’s noted to Computer Business Review: “Zoom Video Communications has been a remarkable performer, with its shares gaining more 32 percent since the market began its decline in mid-February.”)

A spokesperson for Zoom responded to the Zoom bombing warnings by telling the NYT: “We have been deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to change their settings so that only they can share their screen.

The company added: “For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining.”

Zoom Bombing and Domain Hijacking

Worryingly, cybersecurity firm Check Point has meanwhile recorded a sharp increases in the number of domains that have been registered with the name Zoom somewhere in the URL, as typosquatting-style attacks surge.

Since the start of the year more than 1700 new Zoom domains were registered, with 25 percent of them being created in the last week alone.

Check Point are also warning that: “We have detected malicious files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe” (# representing various digits). The running of these files leads to an installation of the infamous InstallCore PUA on the victim’s computer which could potentially lead to additional malicious software installation.”

zoom Bombing

Credit: Check Point

With regards to Zoom Bombing, the FBI recommends:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security

See Also: Avoiding DR and High Availability Pitfalls in the Hybrid Cloud

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.