The same default setting that allows attackers to “Zoom bomb” schoolchildren or remote workers meeting online with racist and pornographic content could be used by cybercriminals to unleash their malicious bag of tricks during the COVID-19 pandemic.
“An attacker could create a malicious invite link and trick Zoom users into clicking on it, leading to a phishing page or malware download,” said Comparitech Privacy Advocate Paul Bischoff, responding to a Los Angeles Times report that bad actors were taking advantage of both an uptick in Zoom conferences and a default setting on the conference platform that lets conference-goers share screens but also allows anyone with the link to join. “If legitimate invites or meeting IDs are leaked, attackers could find them and join video conferences to spy or just cause trouble,” he said.
Bischoff cautioned hosts posting links to Zoom conferences on public sites to “rethink their strategy” and verify participants with passwords “or limit participants to a particular email domain,” both of which are features built into Zoom.