Zoom Bombing

zoom bombing coronavirus hackers

Zoom Bombing is where an unauthorized person enters your Zoom video conference to cause disruptions or to gain sensitive information. Many companies and schools have begun using video conferencing extensively and there’s been numerous news reports of “zoom bombing” problems. While Zoom appears to be taking the brunt of the complaints on securing Web Conferencing, it’s important to realize any web conference can be attacked and to take precautions by securing your meetings appropriately.  Read on for information on how to secure your Zoom meetings and be sure to watch the “How To” video which reviews the critical Zoom Security features you need to enable and features to disable to secure your Zoom meetings from being bombed.

Source: CBS Boston

Additional Reading: ‘Zoom-Bombing’ Hijacks Online Class Meetings In Massachusetts, FBI Warns

Remote Work Best Practices

What does this mean for an SMB or Schools?

Businesses or educational institutions should be finding ways to secure these video conferences to reduce the likelihood of zoom bombers joining their video conferences. There are a few things you can do to stay secure while video conferencing:
  • If you are the host of the meeting, make the meeting private, requiring a password or private link to join the conference call; 
  • When the meeting is made private, control access to the meeting by enabling the “waiting room” feature so you can manually let authorized people into the meeting; you would get a message similar to, “Bob Johnson would like to join the meeting” and would need to approve;
  • Do a roll call and keep track of the amount of users that are supposed to be in the meeting, if you invited 8 users and there are 10 in the meeting, you may want to check out who the two (2) extra users are;
  • Don’t share the meeting ID, password, or meeting link on a public platform, such as your website or related social media site; 
  • Once every authorized user has joined the meeting, lock the meeting so nobody else can join;
  • Only allow the Conference Host to have control of screen sharing;
  • Disable file-sharing so people aren’t flooded with content.

Specific Zoom Settings to Examine

The following are recommended settings for hardening your Zoom Meetings:

  • Participant video off on join
  • Join before host off
  • Require a password when scheduling new meetings on
  • Require password for participants joining by phone on
  • Mute participants upon entry on
  • Chat on  (group chat)
  • Private Chat off
  • Co-host on
  • Allow host to put attendee on hold on
  • Allow removed participants to rejoin off
  • Waiting room on

To learn more about Zoom Bombing, watch this short 2 minute video:

If you would like a walkthrough of securing Zoom for your business or school, watch this video:

April 10th Editor Updates
An email update on security improvements direct from Zoom's CEO Eric Yuan:
https://cyberhoot.com/uncategorized/zoom-security-update-from-their-ceo-eric/

April 15th Editor Update
Zoom awarded Leaders Quadrant status by Gartner. Alongside Cisco WebEx and Microsoft Teams.
http://click.zoom.us/e/84442/gartner-zcid-1564/98wf2c/1548053644?

Links to Web Conferencing Solution Reviews

CyberHoot clients have been asking “should I switch to another Web Conferencing tool that is more secure?”.  My response is, it depends.  It’s now coming to light that other Web Meeting companies may have their own security challenges.  For example GoToMeeting.com allegedly has some cookie and privacy issues being reported about their website.  Zoom may become the safest Web Meeting tool available due to the scrutiny it is facing today.

Video Conference Software Review Articles

Secure Alternatives to Zoom Article from Vice.com

Forbes.com article with 5 alternatives to Zoom

ZDNet article about Web Conferencing Solutions in General

Techradar.com Article about Web Conferencing in General

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.