The year in review through the lens of a Jr cybersecurity analyst. Part I “The digital bombings”

Isaac Pyram
3 min read · Jan 27, 2021

Last year was certainly record-setting in terms of cyber-attacks, and the slew of breaches and privacy issues reported was certainly telling. They were foreboding of emerging, persistent, and potentially short-lived opportunistic trends.

We’ve seen high convergence of activity which targeted and exploited the “new normal” in digital life. This “new normal” was the widespread shift to a more prominent presence online (via PC and mobile devices) as a coping mechanism to national/state lockdowns and related travel restrictions during the coronavirus pandemic. To resume life as usual, individuals and organizations quickly turned to the virtual marketplace for shopping, learning, test taking, meeting, dating, food delivery and the like.

Affected by unique conditions brought on by the pandemic, organizations across industries adopted “working virtually,” operated at reduced capacity, or applied a combination of the two to cut costs. Their dynamics dramatically changed as they suddenly had to depend on a digital presence to function and, to a great extent, exist. This was notable in the education sector, namely in primary and secondary education institutions and some universities. Without substantial preparation, they were thrust into uncharted territory: the world of virtual learning via collaboration platforms such as Zoom, and of working remotely amid the unravelling chaos. Soon meetings and virtual workflows drew attention from nefarious actors who undoubtedly saw opportunity outside of their usual prey.

Zoom made for an especially attractive attack surface because it became an overnight sensation with the public during lockdowns. This was despite penetrable security features and a host of user credentials obtained from previous breaches. These amounted to approximately 500,000 user accounts, says ISACA.ORG. The credentials, harvested through a technique known as “credential stuffing,” were then leaked on the dark web. Zoom later mitigated the problem by hiring security firms and enabling passwords for meetings, but not before a phenomenon that came to be known as “zoom bombing” took hold.

What started as pranks, raiding and hijacking video conference calls and disrupting them with obscenities and other offensive content, rapidly escalated. Emboldened by anonymity, its orchestrators made the raids more targeted, literally weaponizing the platform for racist, homophobic, Islamophobic, and antisemitic attacks. Insidehighered.com reported on Dennis Johnson’s ordeal in “Dissertation Defense on Zoom Interrupted by Racist Attack”. He was a doctoral candidate whose dissertation defense on Zoom was marred by pornographic images and a racial slur.

Zoombombers were even coordinating in plain sight, according to the New York Times article “Zoombombing becomes a dangerous organized effort.” Online forums and social media platforms such as Instagram, Twitter, Discord and 4chan, where they shared stolen meeting codes and passwords, were becoming launching pads for future attacks. Needless to say, schools weren’t the only targets: support groups, businesses, and individuals adopting the platform without taking steps to secure their sessions also fell victim.

Securing a Zoom session

Zoom meetings are attended by means of an invitation link or provision of a passcode.

The passcode is meant for current members of the site/app. It allows them to join the scheduled meeting after signing in to their account. It is the most encouraged option for a secure meeting and the least convenient. Even then, do take the time to customize the passcode with some complexity, the same as you would a password. The passcode already provided as you set up the meeting is often guessable.

The invite link is the most convenient and least secure option, as it affords anyone direct access to the meeting without logging in. Although it may not be ill-advised to use, the following precautions are recommended:

· Only send your invite link to designated guests via email.

· Avoid sending it via social media, where it can be stolen or shared without your consent.

· If using communication platforms such as Slack, Teams, Webex etc., limit the group that can see the link to those individuals you expect to have in attendance.

For every Zoom meeting, you are encouraged to:

· Set Meeting ID to generate automatically if possible.

· Set waiting rooms. This adds an extra layer of security for you to screen guests trying to attend.

· Turn participant Video Off to prevent video disruptions.

· Mute Participants upon entry.
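The checklist above, together with the earlier passcode advice, can be run as an audit over an export of scheduled meetings. This is an added example, not code from the original post or from Zoom; the field names (`use_pmi`, `passcode`, `waiting_room`, `participant_video`, `mute_upon_entry`), the sample meetings and the passcode thresholds are assumptions made for illustration.

```python
import string

# Constructed sample data. Field names are assumptions for this example and
# are not guaranteed to match any real export or API.
MEETINGS = [
    {"topic": "Grade 9 biology", "use_pmi": True, "passcode": "123456",
     "waiting_room": False, "participant_video": True, "mute_upon_entry": False},
    {"topic": "Staff sync", "use_pmi": False, "passcode": "t7#Qv9!mLx2",
     "waiting_room": True, "participant_video": False, "mute_upon_entry": True},
]

MIN_PASSCODE_LEN = 10   # assumed threshold, not a figure from the post
MIN_CHAR_CLASSES = 3    # assumed threshold, not a figure from the post


def passcode_problems(passcode):
    """Return the reasons a passcode is guessable (empty list if acceptable)."""
    if not passcode:
        return ["no passcode set"]
    problems = []
    if len(passcode) < MIN_PASSCODE_LEN:
        problems.append(f"passcode shorter than {MIN_PASSCODE_LEN} characters")
    groups = (string.ascii_lowercase, string.ascii_uppercase,
              string.digits, string.punctuation)
    classes = sum(any(c in group for c in passcode) for group in groups)
    if classes < MIN_CHAR_CLASSES:
        problems.append(f"passcode uses fewer than {MIN_CHAR_CLASSES} character classes")
    return problems


def audit_meeting(meeting):
    """Check one meeting against the checklist; missing fields count as insecure."""
    findings = passcode_problems(meeting.get("passcode", ""))
    if meeting.get("use_pmi", False):
        findings.append("fixed personal meeting ID; generate the ID automatically")
    if not meeting.get("waiting_room", False):
        findings.append("waiting room disabled")
    if meeting.get("participant_video", True):
        findings.append("participant video on at entry")
    if not meeting.get("mute_upon_entry", False):
        findings.append("participants not muted upon entry")
    return findings


def audit_all(meetings):
    """Map each meeting topic to its list of findings."""
    return {m["topic"]: audit_meeting(m) for m in meetings}


if __name__ == "__main__":
    for topic, findings in audit_all(MEETINGS).items():
        print(topic + ":", "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```
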

In general, avoid using the same password on multiple accounts. Once one account gets breached, all remaining accounts are equally affected/compromised.

When in doubt, use the following site to find out if your accounts have ever been involved in a breach: Haveibeenpwned.com.

Set a more secure password, as needed.

Isaac Pyram

Cybersecurity Analyst, IT support professional, Avid learner