Some of the most popular online meeting and collaboration tools have been the subject of several high-profile breaches recently.
The National Cybersecurity Centre (NSCS) has reported a surge in the number of attacks on the most popular online meeting and collaboration platforms, including WebEx, Zoom and others. Users who haven’t followed best practices, particularly setting secure passwords for meetings, have found themselves victims of a number of exploits including having their meetings broken into and hijacked and also having their meetings watched, without their knowledge.
October saw the “Prying eye” vulnerability affect a number of systems, which allowed attackers to get into meetings that weren’t password protected by guessing the ID numbers.
The NCSC recommends as good practice setting a secure password of at least three random words, with additional security provided by numbers and punctuation.
In November it was also noted that WebEx meeting invites were being used as convincing phishing emails. Clicking on the realistic link allowed malicious software, the “Warzone Remote Access Trojan”, to take over webcams, delete files, log keystrokes and download other software to the users machines. This took advantage of security flaw on the WebEx website known as open redirect which allowed attackers to introduce their own URLS to redirect users to malicious content.
Please see our articles on Phishing email identification to help identify suspicious emails and protect yourself from being compromised. Also, a useful article was released by IT Governance website on recognising and staying safe from Phishing.
If you have any concerns about the security of any systems you use, please don’t hesitate to get in touch with EC2 IT.