Hackers Exploiting Increased Zoom Use to Launch Attacks on Unsuspecting Users 

Businesses are grappling with a new reality as employees increasingly are working from home. That’s forced many companies to pivot quickly to online solutions for videoconferencing, meetings and collaborative work.

The ongoing COVID-19 crisis has meant millions of employees wrestling with unfamiliar tools such as Zoom and Microsoft Teams. That’s provided a golden opportunity for hackers seeking to disrupt meetings and conferences and use fake zoom domains to dupe users into unleashing malware attacks.

The issue is pervasive and has caused businesses … and Zoom … to respond rapidly to emerging incidents.

Holden Watne with Gen IX, who provides IT services in Los Angeles offers advice on how organizations can secure their Zoom meetings.

What Can My Company Do to Protect Zoom Users?

Here are some tips your business can take today to protect employees using Zoom for videoconferences and meetings.

1. Treat Zoom Data with Care: Zoom information should be considered sensitive data. Meetings can be recorded (though you should limit this function unless absolutely necessary), sensitive information may be shared (both verbally and via screen shares) and identities and other employee information may be visible to those who sneak into meetings.

Consider the information related to Zoom, from passwords to documents to identifying data, as needing significant security protection.

2. Use Passwords: Most of the Zoom disruptions have come from open meetings where anyone with a meeting ID can enter. Hackers are exploiting that lapse by using automated ID generators and hopping into meetings.

Using passwords prevents hackers from easily gaining access. Zoom has changed the default settings for many of its service options so that passwords are required. People will attend a Zoom meeting with a password required.

3. Adjust Advanced Settings: There are several things you can do within the Zoom settings to protect your meetings and participants. In the Advanced Settings section of the desktop version of Zoom, you can enable H.323 and SIP encryption, for example. This step requires encryption for endpoints connecting to your meeting. It can also be set as a default for all meetings.

Here are some other settings to change to harden your meetings:

• Turn Chat Auto-Saving off by going to In Meeting (Basic) settings
• Turn Attention Tracking off in In Meeting (Advanced) settings
• Use a virtual background to avoid exposing your surroundings to viewers

4. Keep the Meeting ID Private: Avoid sharing your Meeting ID and password on public social media platforms. Instead, send this information via email only.

Zoom has recently changed its default settings for many types of accounts and meetings so that passwords are required. It’s a good idea to use these default settings to protect your sessions further.

5. Limit Screen Sharing: You can restrict screen sharing to the host only in your account settings, both in the desktop version and the app. In some cases, you may not even need screen sharing and can disable it completely.
6. Make Them Wait: Waiting Rooms allow you to screen participants before allowing them to enter the meeting itself. For smaller sessions, it’s an effective way to ensure that only those you want in the meeting can participate.
7. Lock It Up: After all your expected participants have arrived, you can lock the meeting by going to the Participants icon at the bottom of the Zoom window and clicking on Lock Meeting.

As platforms like Zoom become more prevalent, so too will the risk of attacks. Staying protected during these uncertain times requires diligence and commitment to cybersecurity.