There have been a lot of questions around teleconference security during this pandemic. When people are forced to use a service more, the lack of understanding and security around the product breeds fear when they start to hear about the risks that are associated with it. Some of the questions we’ve been getting are: what are the risks of using teleconferencing software, how are attackers using vulnerabilities to compromise systems, and how can I stop it before it happens to me? Well, here is a little background to each of these questions.
Meeting Bombing
This attack involves an uninvited guest joining a video conference meeting and either listening in on the conversation or disrupting the meeting by sharing files that might be inappropriate or even malicious. This happens when you don’t require a password for your meeting and the attacker can discover or even guess the meeting ID.
The Proactive Fix: Require a password for the meeting. Remember, meeting invites are filled with trusted relationships. If hackers can get into this world, they can manipulate this trusted connection and damage your brand as well as your internal network.
Malicious Links in Chat
Once an attacker has gained access to your meeting, there are many ways they can move deeper into your systems. After a successful “Meeting Bomb” or even a phishing email that allows access to your calendar invites, the attacker can join a meeting and trick participants into clicking malicious links shared in the chat. This can be an effective way to steal passwords, since the meeting software is often set to use the participants’ corporate network credentials. A simple fake prompt that’s designed to look like a system message can trick users into entering their information before they have access to the group file share.
The Proactive Fix: Again, require a password for the meeting! User training can also help with giving employees the knowledge to sniff out the person who doesn’t belong in the room. Challenging the identity of the attacker is often enough to scare them away, but you must build a culture of security for these methods to be effective.
Stolen Meeting Links
Reusing meeting links might sound like a good idea. Keeping a running chat history and even solving the problem of which meeting to join can save time when trying to keep the business moving forward. However, it’s important to note that hackers can use them too. Once they’ve identified a scheduled daily meeting, it can be easy for them to formulate a plan of attack knowing they already have a backdoor into your network.
The Proactive Fix: Make sure you turn on notifications that will let you know when someone has joined your meeting room without you. Another good way is to not allow other users to join your meeting before you by disabling “Join Before Host.” This can stop an unauthorized attendee from starting the meeting and lurking in the background waiting for you to divulge your company secrets.
Data Shared with Third Parties
When dealing with Software as a Service (SaaS) solutions like Microsoft Teams, Zoom and Cisco WebEx, make sure these applications are properly configured. It is not uncommon for your system administrators to be tasked with standing up a teleconference solution as quickly as possible and making it available and usable to all employees. In their haste to provide a solution, system administrators may overlook security configurations and unintentionally provide an attacker with an entry point into your network, and the oversight may go unnoticed until there is a problem and it’s too late.
The Proactive Fix: Some solutions can control data sharing and automatically detect and remove files that might be considered confidential or personal. It's important to have a policy in place to enforce these security standards and address the appropriate security controls. It is essential to make sure your data is classified, encrypted and surrounded by role-based controls so that only authorized users can access it.
Malware and Ransomware Attacks
Files and data shared over teleconferencing meetings are often thought about as secure because people trust that they are in a room with only people they know. However, once the door to the meeting room is breached with a meeting bomb, everything is off the table. Malicious files can be dropped, and links can be exchanged without the need for a hacker to get past the physical network your firewall protects.
The Proactive Fix: This might seem basic, but when your network security layers fail, your anti-malware solution might be the last line of defense. Defense in depth is always the best strategy for thwarting an attack. Make sure your anti-malware solution is updated and activated in case an infected file is shared. You should also be doing internal vulnerability scanning to ensure that you don’t have any system-wide vulnerabilities that ransomware can take advantage of to spread across your network.
Other Considerations for our World of Remote Work
- Make sure you have an adequate business continuity plan in place in case key employees cannot work at a critical time. Having a plan to deal with emergencies can limit the confusion of firing out an open-ended meeting invite to a large group of people.
- Make sure employees are using a secure VPN to access network resources. Internal company resources should only be accessible via a securely configured VPN, and multi-factor authentication should be the best practice for authentication from outside the corporate network. Also, remember to test this service before you need it to ensure it can handle the load if all your employees should need to use it.
- Make sure you are scanning your network for vulnerabilities. If a piece of ransomware did get on your network and start to spread, information about your current vulnerabilities can be critical to identifying and containing the risks. Knowing where your weak points exist can help you divert the appropriate resources to bring those risks to an appropriate level.
- Adjusting your telework policy to include security-specific mandates around telework can give direction to employees that might be lost in times of conflicting communication. Here are some policy adjustments you might want to consider.
1) Reasonable steps must be taken to ensure that company property is used in compliance with security policy standards.
2) Employees must comply with all software licensing agreements.
3) The security and confidentiality of business records must also be maintained.
4) Sensitive data should not be placed on a personal computer or device but instead should be accessed via secure remote access technology.
What should I do?
Here is just a quick list of things to keep in mind in the age of teleconferencing. The list below is straight from the FBI, which is in the process of responding to an array of teleconference hijackings by hackers trying to take advantage of the teleconferencing going on during this COVID-19 pandemic.
- Do not make meetings or classrooms public.
- Require a meeting password or use the waiting room feature to control the admittance of guests.
- Do not share a link to a teleconference on an unrestricted publicly available social media post. Provide the link directly to the intended participants.
- Ensure your organization’s telework policy or guide addresses requirements for physical and information security.
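The proactive fixes and the FBI list above can be checked mechanically against an export of scheduled meetings. The following is an added example, not code from this article or from any teleconferencing vendor; the `Meeting` fields and the sample records are hypothetical and would need to be mapped to whatever settings your platform actually exposes.

```python
from dataclasses import dataclass

# Hypothetical settings export: field names are assumptions, not a vendor API.
@dataclass
class Meeting:
    topic: str
    public: bool              # link posted or listed publicly
    password_required: bool
    waiting_room: bool
    join_before_host: bool
    join_notifications: bool  # host is told when someone joins without them
    recurring_link: bool      # same link reused for every occurrence

def audit(m: Meeting) -> list:
    """Return the findings for one meeting, in the order the article lists them."""
    findings = []
    if m.public:
        findings.append("public meeting")
    # The FBI list accepts either control for admitting guests.
    if not (m.password_required or m.waiting_room):
        findings.append("no password or waiting room")
    if m.join_before_host:
        findings.append("join before host enabled")
    # A reused link stays valid for every occurrence, so unnoticed joins matter more.
    if m.recurring_link and not m.join_notifications:
        findings.append("reused link without join notifications")
    return findings

def audit_all(meetings):
    """Map topic -> findings, keeping only meetings that have at least one."""
    return {m.topic: f for m in meetings if (f := audit(m))}

# Constructed sample data for illustration only.
SAMPLE = [
    Meeting("Daily stand-up", False, False, False, True, False, True),
    Meeting("Board review", False, True, True, False, True, False),
    Meeting("All-hands", True, False, True, True, True, False),
]

if __name__ == "__main__":
    for topic, findings in audit_all(SAMPLE).items():
        print(f"{topic}: {', '.join(findings)}")
```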
Written by Grant Codak
Grant has over a decade of IT experience spanning a variety of domains with a focus on defensive security. Grant is currently a Cybersecurity Expert at TechGuard Security, where he performs a wide variety of proactive security services, including penetration testing. He also holds the following certifications: CISSP, CEH, Security+, Network+, A+, and Metasploit Pro Certified Specialist. Recent responsibilities include serving as a Senior Web Security Engineer at a Fortune 50 organization, along with a variety of application administration roles in security operations. His past project work includes web tool development as well as firewall and web proxy migrations. Currently at TechGuard Security, Grant conducts audit control assessments, penetration tests, vulnerability assessments and social engineering exercises. Grant ties his knowledge together with his deep understanding of network operations and security architecture to deliver approachable report analysis to clients. Grant is also a nature enthusiast and enjoys mountain biking, hiking and kayaking.