Meetings, conversations, and interactions have, for now, all moved online to platforms like Zoom. In fact, in just the first three months of 2020, our clients' use of Zoom more than tripled. As COVID-19 has changed how business works since that time, that number has only continued to grow.
Unfortunately, internet trolls are taking advantage of this move to remote work to cause harm by hacking into video meetings. Zoom's screensharing feature makes it possible for trolls to disrupt calls and post obscene and offensive content. This intrusive practice is known as Zoombombing. And the problem appears to be widespread.
Everything from fitness classes and Alcoholics Anonymous meetings to corporate presentations and massive public events has been Zoombombed. Not only that, but trolls are now recording their Zoombomb attacks and posting the videos to TikTok and YouTube, causing further embarrassment and harassment.
While this may sound like a classic breach, these attacks are not due to a technical security issue. In this case, they're made possible by a combination of user unfamiliarity with the platform and poor password hygiene.
What To Know About Zoom's Security Features
Zoom comes with security features but new users don't necessarily know about them — and such features weren't enabled by default. That left many meetings vulnerable to attack. In addition, people shared meeting links on social media and other public forums, which makes it possible for anyone with the link to join.
Zoom has updated its software to make it easier to control the security of online meetings and is providing advice on how to keep uninvited guests out of events.
However, that does nothing to prevent unauthorized access due to poor password hygiene.
Account Takeovers Come to Zoom
According to researchers, the credentials for more than 500,000 Zoom accounts were found for sale or for free on the dark web, with accounts sold for a fraction of a penny. Account details included email addresses, passwords, personal meeting URLs, and host keys.
Because many people use the same password-email combination for multiple services, hackers will often try passwords gained in previous hacks on other accounts. This makes people who reuse passwords vulnerable.
Reused credentials are not just used to take over Zoom accounts. They can also be used to gain access to corporate networks and data because employees recycle credentials for their corporate apps, bank accounts, and any third-party sites or services they find online.
While highly obnoxious, Zoombombing is relatively harmless in the grand scheme of cybersecurity. However, it illustrates the immense risk of an account takeover (ATO)—a risk many people don't even realize they are taking.
The ABCs of ATO
In our on-demand webinar Account Takeover 101, we discussed the anatomy of an ATO attack and the timelines of ATO breaches. In many cases, hackers can use legitimate login information to probe your system for weeks or months before launching an attack. Alternatively, this information may be listed for sale on the dark web to the highest bidder without your knowing it.
Looking at some of the most high-profile attacks, we found that stolen credentials maintain their value for an average of 34 months after a breach. In addition to stealing employee data in bulk, hackers often target specific employees, such as executives who have access to financial information. While targeted attacks may represent only 10% of cyber attacks, they can represent 80% of the total loss from an attack.
How Employees Can Prevent Account Takeovers:
- Use multi-factor authentication whenever possible.
- Use a personal VPN when connecting to public Wi-Fi.
- Use a password manager to create and manage unique passwords for every login (not just work logins).
- Stop rotating passwords every 90 days.
- Use a service to monitor both work and personal credentials and personally identifiable information (PII) for exposure on the dark web.
- To avoid spear-phishing attacks, don't blindly trust emails, links, text, pictures, or attachments.
Protect Your Enterprise Against ATO
A strong security posture requires looking beyond just vulnerability management and can include educating employees on best practices for avoiding ATO and monitoring the dark web for stolen credentials.
The Arctic Wolf Managed Risk solution can help you increase your security posture and decrease your security risk by helping to:
- Identify and categorize risky software, assets, and accounts using dynamic asset discovery and 24/7 risk monitoring, as well as by assessing the risk visibility of your internal and external networks, devices, and people.
- Benchmark your digital risk exposure using security control benchmarking and risk scoring so you can identify gaps.
- Harden your network by giving you the insights, guided remediation, recommendations, and on-demand reporting you need to prioritize your cybersecurity activities and investments.
With employees at many organizations now working remotely, the risk of ATO has never been greater. Reach out to the Arctic Wolf team for the expert guidance you need to defend your enterprise.