As the COVID-19 pandemic became more prevalent businesses were forced to find a way to operate with their workforce at home, making Zoom an essential part of normal operations. An increased use of the video conferencing software brought on waves of Internet trolls trying to disrupt Zoom meetings. By late march of this year, Zoombombing was such a nuisance, the Department of Justice threatened to fine and even arrest offenders. Yesterday Zoom announced a new feature named “At-Risk Meeting Notifier” that will notify meeting organizers with a warning if their meeting has the potential to be compromised. The service runs on Zoom’s backend servers and scans public posts for Zoom meeting links—if found a meeting organizer will automatically receive an email. The new feature will be enabled by default.
Zoombombing incidents usually take place after one of the participants shares a link to a Zoom meeting (and sometimes its password) on some form of social media asking others to disrupt the conference. Zoom hopes this feature will prevent these disruptions before they take place. Cybersecurity professionals need to be aware of another form of conference call eavesdropping that has complicated the response to some ransomware incidents. When emergency conference call information is sent to business leaders via email in the middle of an intrusion, threat actors have the opportunity to see the invitation if it lands in any employee email account that they’ve compromised. On several occasions, threat actors have been known to quietly join meetings to eavesdrop on the conversation between the responders and decision-makers. To keep incident response meetings secure, it is important for companies to establish an “out of band” alternate way to communicate, such as through end-to-end encrypted mobile messages.