A new level of corporate trolling has entered the vernacular: “Zoom Bombing”, or the act of jumping uninvited into video conferences with the intent of disruption, often by sharing graphic pornography. The problem has got so bad that the FBI this week issued warnings and safety guidelines for organisations to avoid it.
Zoom bombing predominately happens to public Zoom conferences in which the host has not adjusted screen sharing settings, which, by default let any attendee share whatever content they wish with participants on the call.
Toni Vitale, head of data protection at JMW Solicitors LLP, told Computer Business Review: “If the zoom reference number is shared on social media and the host fails to set screen-sharing to ‘host only’, this can allow uninvited guests to screen-share pornography or other disturbing imagery. Meeting hosts should also disable ‘file transfer’ to prevent any malware being shared.”
Online services have never been in more demand amid the COVID-19 pandemic, as countries lock down public movement, and Zoom’s video conference technology is being widely adopted, even at the highest levels of the UK government.
This morning, I chaired the first ever video conference Cabinet meeting.
— Boris Johnson (@BorisJohnson) March 24, 2020
(As specialist global financial adviser James Green of deVere Group’s noted to Computer Business Review: “Zoom Video Communications has been a remarkable performer, with its shares gaining more 32 percent since the market began its decline in mid-February.”)
A spokesperson for Zoom responded to the Zoom bombing warnings by telling the NYT: “We have been deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to change their settings so that only they can share their screen.
The company added: “For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining.”
Zoom Bombing and Domain Hijacking
Worryingly, cybersecurity firm Check Point has meanwhile recorded a sharp increases in the number of domains that have been registered with the name Zoom somewhere in the URL, as typosquatting-style attacks surge.
Since the start of the year more than 1700 new Zoom domains were registered, with 25 percent of them being created in the last week alone.
Check Point are also warning that: “We have detected malicious files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe” (# representing various digits). The running of these files leads to an installation of the infamous InstallCore PUA on the victim’s computer which could potentially lead to additional malicious software installation.”
With regards to Zoom Bombing, the FBI recommends:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security