Zoom has been in the tech news highlights ever since its phishing vulnerabilities came to the public attention. According to the app makers, it has resolved many of its internal security issues as of last week. The security of data and communication over the platform seems inadequate nonetheless. The truth underlying the security protocols at Zoom is quite different.
The platform is susceptible to several data breaches. If you are a company relying on the app to get your communication needs during the COVID-19 handled, then you might be at a loss. This is because it seems like a helpful alternative to more complicated communication channels or traditional means, but it remains unsafe for the exchange of sensitive information.
The security problem at Zoom is threefold. Firstly, any hacker may be listening to your conversation. Secondly, any attacker or phishing and spam agents may enter a meeting room at any point in time. Thirdly, the data of those using and connecting over zoom including contact and device details as well as other phone data may be at stake.
Now, this is huge. Apps such as Whatsapp and Facebook have been used in the past as listening devices. A vulnerable app like Zoom that has only become a major thing after the COVID-19 seems like a dangerous target. Users allow Zoom to use their phone or laptop’s microphone as well as the camera. This allows many hackers, white hat, and black hat to be able to breach the data and enter the storage of the device. This can give them access to galleries, documents, files, and contacts shared on the device.
While Zoom urges that it has been able to take care of many security issues, it still can not guarantee itself to be fully immune to hackers trying to trick the company’s users.
On the other hand, many attackers have come up with a creative way to steal user’s personal information. This is through polluting the links of the meetings. They are posting and emailing malicious links of fake meetings in order to obtain personal information and login credentials of various people.
Companies can become a target. This could emerge as a special cybercrime used to topple competitors, government, and seek personal revenge over the dark internet. According to Abnormal Security, a cybersecurity firm this could be used for varying manipulation levels at varying stakes.
The phishing scheme uncovered by Abnormal Security highlights that the fear of losing their job due to the economic downturn during the coronavirus pandemic has been fuelling this fiasco. About 26 million people in the U.S. alone have filed for unemployment since the pandemic began. The emails and fake meetings are made to look HR-related leveraging a hot pain point into their ploy.
The phishing site mimics the look of Zoom’s login page. The link redirects the user to the page hosted at something like the URL “zoom-emergency.myftp.org.” Victims thus, voluntarily rush into the meeting hungry for an opportunity and lose out on not only their credentials and sensitive information but also banking data.
Abnormal Security’s report suggests that this attack has targetted around more than 50,000 mailboxes. Zoom has been on an all-time rise due to the virus. It was seen as an underdog app with no real purpose that has now effectively made its way into every country in the world. Zoom recently announced it had more than 300 million active users. There are recurring reports that Zoom is being used as an opportunity for the hackers victimizing millions.
There are two key takeaways for businesses here:
Number 1: Try to use encrypted, safer, and better communications channels.
This is essential for all businesses to protect against any hacker funded by someone holding a grudge or a personal vendetta around you. The dark web makes this entirely possible that your business can be compromised as can your life be leveraged without adequate data security.
If you are worried about what data security measures you could take then you should really read our Data Protection and GDPR handbook out.
Number 2: Make sure that your staff is trained in dealing with data security.
If you were not able to somehow train your staff on GDPR and Data Protection Guidelines, then this can be a great opportunity to equip them. Give the staff online training. Help them cope better with the current circumstances and educate them regarding their obligations.
This can be a quick and effective way to train your staff training online. It can foster better data security habits, help them stay empowered and proactive to minimize any dangerous risk to your business.