Zoom-Bombing Hijackers

The surge in video conferencing use is raising privacy and security concerns, and 'Zoom-bombing', the practice of unwanted guests intruding on video meetings for malicious purposes, has also significantly increased during the pandemic, according to the FBI.

Zoom is an easy-to-use video conferencing app which has seen a massive increase in users since the COVID-19 pandemic has forced a large number of people to stay home and turn to video meetings for work or school.

The FBI is warning the public to watch out for hijackers trying to infiltrate their Zoom video sessions and has received multiple reports of conferences being disrupted by pornographic images and threatening language, including two hijacking incidents involving local schools that were using Zoom to conduct online classes.

Other countries are witnessing hijacking attempts as well. Earlier this month, a school in Oslo, Norway reportedly had to shut down online video lessons after a naked man infiltrated a session attended by nine-year-old students. 

The hijacking attempts can occur because users of the video conferencing services are holding the meetings on public channels, which are then shared over the internet via URLs, making them accessible to anyone. In other cases, the hijackers can sometimes guess the right URL or meeting ID for a public Zoom session, giving them access to the feed.

To stay safe, the FBI is encouraging Zoom users, especially at schools, to make their video conferencing sessions private. “In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.... Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people,” the agency advises.

Although taking the precautions recommended by Zoom and the FBI is likely to stop a majority of unwanted incidents, video conferencing over the internet remains vulnerable to other forms of attack.

Conferences could be taken over entirely if the host's password were hacked, and another vulnerability uncovered in 2019 reportedly could have allowed hackers to take control of the webcams of users and then spy on them even when the app was not in use, although the company is said to have fixed the issue since then.

Sources: FBI, CheckPoint, PCMag, Bleeping Computer, NewsWeek, ABC News, Guardian, Wired, The Verge, CISO Mag, ThinkUm, MarketWatch

