STOP USING ZOOM – ENSURE THE INTEGRITY OF YOUR INFORMATION SECURITY
Zoom continues to suffer massive security and privacy breaches, which are well-reported in national news and online. In short, stop using it and uninstall the program from your network, individual machines, and phones. For businesses, especially those dealing with sensitive/critical information (finance, healthcare, energy), the integrity of information security is paramount.
On April 12, 2020, it was discovered that more than 500,000 Zoom accounts were for sale to hackers on the dark web, many of them for less than a single U.S. penny each when sold in bulk. A cyber-intelligence company first started noticing the sales around April 1, 2020 and reported that accounts from financial institutions, banks, colleges, and hospitals were being sold. And in case you are unfamiliar with the dark web, it’s essentially eBay for all things bad. From minor criminal purchases such as hacked gift card codes from stores, to bombs, people, rare animals, and PayPal accounts, the dark web is an online flea market for tech-savvy criminals worldwide. Masked by multiple layers of virtual private networks bouncing signals through multiple countries, advanced software that scrubs all documents and images free of metadata, and anonymous email accounts hosted in privacy-focused countries, and transacting solely in cryptocurrency, the buyers and sellers can almost always remain anonymous and free from prosecution. In other words, once these Zoom accounts are sold, you are likely to never know who bought them, who is using them, what they are doing with the information, and where the information will end up.
Since the COVID-19 pandemic has forced many companies to switch to remote working, Zoom quickly became a favorite video-conferencing tool and the company was both overwhelmed and unprepared for the activity and potential infiltration. On April 4, 2020, @LaCyberLawBlog advised Zoom users to be extra careful with its use and consider alternatives such as Microsoft Teams. @LaCyberLawBlog now amends that advice and simply recommends that you do not utilize Zoom and further, that you uninstall the application from your network, computers, and phones and consider whether to re-image.
In an April 13, 2020 report, the infosec website BleepingComputer explained that the hackers use bots to repeatedly hammer sites with automated login attempts, leveraging credentials from past data breaches. Once the bot hits the right combination, its operators confirm access to the desired account, add it to a list of other confirmed account credentials and then sell the compiled list on the dark web. BleepingComputer independently verified the credibility of the stolen Zoom accounts.
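A defender's view of the pattern described above, as an added example that is not from the original article or from BleepingComputer: it flags login sources that try many distinct usernames with almost all attempts failing, and lists the accounts that did log in from such a source. The log format, thresholds, addresses, and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth events: "ISO-time source-ip username result"
SAMPLE_LOG = """\
2020-04-13T09:00:01Z 203.0.113.7 alice@example.com FAIL
2020-04-13T09:00:02Z 203.0.113.7 bob@example.com FAIL
2020-04-13T09:00:03Z 203.0.113.7 carol@example.com FAIL
2020-04-13T09:00:04Z 203.0.113.7 dave@example.com OK
2020-04-13T09:00:05Z 203.0.113.7 erin@example.com FAIL
2020-04-13T09:00:06Z 203.0.113.7 frank@example.com FAIL
2020-04-13T09:01:10Z 198.51.100.4 grace@example.com FAIL
2020-04-13T09:01:25Z 198.51.100.4 grace@example.com FAIL
2020-04-13T09:01:40Z 198.51.100.4 grace@example.com OK
2020-04-13T09:02:00Z 192.0.2.15 heidi@example.com OK
"""

def detect_stuffing(log_text, min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: sorted accounts that logged in OK} for sources
    that look like credential stuffing: many distinct usernames tried
    from one source, almost all attempts failing."""
    attempts = defaultdict(list)          # ip -> [(username, result), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue                      # skip malformed lines
        _, ip, user, result = parts
        attempts[ip].append((user.lower(), result))

    flagged = {}
    for ip, events in attempts.items():
        users = {u for u, _ in events}
        fails = sum(1 for _, r in events if r == "FAIL")
        if len(users) >= min_users and fails / len(events) >= min_fail_ratio:
            # Accounts with a successful login from this source are the
            # "confirmed" ones: force a password reset on these first.
            flagged[ip] = sorted({u for u, r in events if r == "OK"})
    return flagged

if __name__ == "__main__":
    for ip, hits in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: suspected credential stuffing; reset {hits}")
```

Bots that spread their attempts across many source addresses will not trip a per-source threshold, so treat this as one signal alongside others.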
To stop the customer exodus, Zoom formed a new CISO council to address the recent issues and advise its CEO, Eric Yuan. Beginning April 18, 2020, Zoom is starting a 90-day security plan that promises several new improvements. One such improvement is that “account admins will have the ability to choose whether or not their data is routed through specific data center regions, giving users more control of their interactions with Zoom’s global network,” and Zoom will institute a “Report a User” function for video-conferencing to allow users to report hijackers in real time and hopefully allow Zoom to block them from future attacks. See the plan here.
So now what? Here are some options:
Stay off Zoom;
Consider Microsoft Teams;
Never re-use passwords – EVER;
Only use conference calls or circulate video call-in information via text only; and
Get education on social engineering – as cyber criminals are now using advanced psychological processes and prompting re-logins into Office365, OneDrive, and Microsoft Teams to steal the login information directly from users (a separate article to come).
For businesses with significant infrastructure, avoidable breaches will be followed by negligence claims. Have your IT staff work with a knowledgeable cyber and privacy attorney to ensure your business is protecting itself on the front end. Not to be cliché, but an ounce of prevention…