To curb the spread of COVID-19, millions of people were forced to stay at home. Zoom has become one of the video conferencing tools used by many people for remote work and learning. However, more and more online conferences have been hacked, and the FBI and research institutions have issued warnings. The attack looks like this: while a video conference is in progress, the participants’ screens are hijacked by malicious actors, who can place images and text on the screen and in chat boxes, or disrupt the sound. Within the FBI Boston Division’s area of responsibility (AOR), which includes Maine, Massachusetts, New Hampshire, and Rhode Island, two schools in Massachusetts reported the following incidents:
- In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled profanity and then shouted the teacher’s home address.
- A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.
- A U.S. doctoral student who had spent three years preparing his doctoral thesis was defending it through Zoom when he suddenly saw the screen become blurred, followed by circle after circle, and then discriminatory and obscene text and pictures appeared.
- An online conference held by YWCA Canada with 250 guests to discuss the impact of COVID-19 on women was also hijacked. Attackers started shouting racist words and two YWCA employees were sexually harassed.
Since the COVID-19 crisis began, downloads of Zoom’s web conferencing tool have set a historical record, and the company’s stock price has increased rapidly. Doug Domin, an agent of the Federal Bureau of Investigation in Boston, said that the best mitigation strategy at the moment is to let users know what is going on, because they are the ones who are most capable of protecting themselves. Some precautions announced by the FBI include: issuing passwords to participants or using the “waiting room” function in order to invite each guest separately; not sharing the invitation link on social media; and keeping the software updated. A report released by the University of Toronto said that Zoom claimed to use AES-256 encryption, but the researchers found that Zoom used a single AES-128 key in ECB mode, which is a mode not recommended by the industry. The report does not propose any measures to prevent hackers from exploiting these vulnerabilities, though; the researchers recommend that, for now, it is best not to discuss confidential or sensitive topics through the Zoom platform.
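Why ECB mode is not recommended, as an added example that is not code from the report or from Zoom: identical plaintext blocks encrypt to identical ciphertext blocks, so repetition in the data stays visible. The block cipher here is a toy stand-in for AES-128 (the leak comes from the mode, not the cipher), CTR is an assumed comparison mode, and the key, nonce and frame are constructed sample values.

```python
import hashlib
from collections import Counter

BLOCK = 16  # AES block size in bytes

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block cipher (4-round Feistel over SHA-256). NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently under the same key."""
    return b"".join(toy_encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: each block is XORed with a keystream block unique to its position."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = toy_encrypt_block(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    counts = Counter(ciphertext[i:i + BLOCK]
                     for i in range(0, len(ciphertext), BLOCK))
    return sum(c - 1 for c in counts.values() if c > 1)

# Constructed sample values (not real traffic or real keys).
KEY = bytes(range(16))                        # 128-bit key, as in AES-128
NONCE = b"\x01" * 8                           # per-message nonce for CTR
FRAME = b"constructed-hdr!" + bytes(16) * 8   # header + 8 blocks of "silence"

def demo():
    """Return (repeats under ECB, repeats under CTR) for the same frame."""
    return (repeated_blocks(ecb_encrypt(KEY, FRAME)),
            repeated_blocks(ctr_encrypt(KEY, NONCE, FRAME)))

if __name__ == "__main__":
    print("repeated blocks ECB/CTR:", demo())
```

A check like `repeated_blocks` is also a quick way to spot ECB when reviewing captured ciphertext from your own applications.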
During these trying times, companies’ priorities and focus are on issues such as protecting resource health, supporting a remote workforce and preparing for a global financial crisis. LIFARS, known as one of the leading companies in incident response and forensics services, sees that cybersecurity teams are stretched thin and are distracted from the prime objective of fighting off the bad guys. As the health pandemic grows and priorities change, LIFARS DAILY Truth will provide a temporary daily proactive cyber threat hunt search of your network for potential threats:
- A daily, proactive threat hunt to uncover the adverse actors on your network;
- A daily report on our findings;
- Weekly and monthly reports to track the changes and progress;
- A month-to-month service designed to augment and complement your existing security department.