Zoombombing is one of the latest digital shenanigans to surface during the current COVID-19 crisis to abuse video conferencing users. With the increased reliance on video conferencing platforms due to spikes in ‘work from home’ mandates, it was only a matter of time before bad actors found a way to disrupt home-based staffers. Because Zoom enables screen sharing by default, participants are free to share their screens without restriction. Cyber miscreants realized this and recently crashed the popular WFH Happy Hour hosted by Verge reporter Casey Newton and investor Hunter Walk, with the sole intent of subjecting happy hour attendees to NSFW(FH) content and degrading images.
Attempts to disconnect the determined perpetrators failed miserably. These unwelcome disruptors were able to reconnect at will using different names to extend their activity.
Out of concern for our clients, and anyone using the free version of Zoom, we urge that platform users review the default settings because trolls are actively scouring the internet for publicly shared Zoom links to zoombomb. The following recommendations are helpful in this regard:
- Set screen sharing to “Host-Only” before the start of a call or meeting. Leaving it open to all participants exposes the feature to abuse.
- Keep the default setting for the “Allow Removed Participants to Rejoin” feature so that disconnected Zoombombers cannot simply rejoin the video call.
- Disable “Join Before Host” before the start of the meeting to limit activity in the room before the host is present and discourage malintent.
- Follow conference call best practice to prevent eavesdropping and unwanted disruption like Zoombombing.
- Consider using an enterprise Zoom subscription if the risk to the business of using the free version is unacceptable.
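The three configuration items above are the kind of thing that drifts silently across many accounts, so it is worth checking them programmatically rather than by hand. The following is an added example, not Zoom's own code or API: it audits a settings export against the hardening baseline the list describes and reports every deviation, treating a missing setting as something to verify rather than silently passing it. The nested key names (`in_meeting.who_can_share_screen`, `in_meeting.allow_removed_participants_to_rejoin`, `schedule_meeting.join_before_host`) and the two sample exports are assumptions constructed for illustration; map them to whatever your platform's settings export actually uses.

```python
"""Audit a meeting-settings export against the Zoombombing hardening baseline.

Added example; not Zoom's code. Key paths below are ASSUMED for illustration
and must be mapped to the real export format of the platform in use.
"""

from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple

# Baseline: (key path) -> (expected value, finding text when the value differs).
# Each entry corresponds to one recommendation in the post.
BASELINE: Dict[Tuple[str, ...], Tuple[Any, str]] = {
    ("in_meeting", "who_can_share_screen"): (
        "host", "Screen sharing is not host-only; any participant can share."),
    ("in_meeting", "allow_removed_participants_to_rejoin"): (
        False, "Removed participants are allowed to rejoin the meeting."),
    ("schedule_meeting", "join_before_host"): (
        False, "Participants can join the meeting before the host."),
}


@dataclass(frozen=True)
class Finding:
    setting: str        # dotted key path that failed the check
    expected: Any       # value required by the baseline
    actual: Any         # value found in the export (None if absent)
    message: str        # human-readable explanation


def _lookup(settings: Dict[str, Any], path: Tuple[str, ...]) -> Tuple[Any, bool]:
    """Walk a nested dict; return (value, present). present=False if any key is missing."""
    node: Any = settings
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None, False
        node = node[key]
    return node, True


def audit_settings(settings: Dict[str, Any]) -> List[Finding]:
    """Return one Finding per baseline item that is absent or mis-set.

    An empty list means the export satisfies the whole baseline. Absent keys
    are reported too: an auditor should never assume a missing setting is safe.
    """
    findings: List[Finding] = []
    for path, (expected, message) in BASELINE.items():
        actual, present = _lookup(settings, path)
        name = ".".join(path)
        if not present:
            findings.append(Finding(name, expected, None,
                                    "Setting not present in export; verify manually."))
        elif actual != expected:
            findings.append(Finding(name, expected, actual, message))
    return findings


# Constructed sample exports (not real account data).
# A free-tier account left at the permissive defaults the post warns about:
WEAK_EXPORT: Dict[str, Any] = {
    "in_meeting": {
        "who_can_share_screen": "all",
        "allow_removed_participants_to_rejoin": True,
    },
    "schedule_meeting": {"join_before_host": True},
}

# The same account after applying the recommendations:
HARDENED_EXPORT: Dict[str, Any] = {
    "in_meeting": {
        "who_can_share_screen": "host",
        "allow_removed_participants_to_rejoin": False,
    },
    "schedule_meeting": {"join_before_host": False},
}


def format_report(label: str, settings: Dict[str, Any]) -> str:
    """Render the audit of one export as plain text for a ticket or log."""
    findings = audit_settings(settings)
    lines = [f"[{label}] {len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"  - {f.setting}: expected {f.expected!r}, got {f.actual!r}. {f.message}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report("weak", WEAK_EXPORT))
    print(format_report("hardened", HARDENED_EXPORT))
```

Run this against each account's export on a schedule and alert on any non-empty result; the "verify manually" finding is deliberately noisy so that a renamed or removed setting in a future export is noticed instead of quietly passing.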
Users of competing platforms should review similar configuration items and assess whether similar threats against those solutions exist. Configuration management should be top of mind for any organization using platforms of this kind and cloud services in general. We will discuss configuration management in depth in upcoming blogs as an essential step in surviving this latest brand of cyber-loping and managing the business risk associated with a home-based workforce. The moral of the WFH-HH story: lock down access to your meetings and data to those who should have it.
Mark Arnold has a 15+ year cybersecurity career, serving 8 of those years in leadership roles. As a transformational leader, Mark has built security teams and programs, authored maturity model blueprints to optimize risk management processes, and implemented security domain practices at large enterprises and service providers. Mark’s areas of interest include cloud security, threat intelligence, vulnerability research, nation-state attack methods and related activities (e.g. information operations and disinformation campaigns), and their collective impact on nations and society. Mark recently completed an executive education cohort on the intersection of cybersecurity and technology at Harvard’s Kennedy School.