Hot: Attacks Against Conferencing Software

With the pandemic showing no signs of slowing down, many employees are remaining at home, communicating with colleagues over teleconferencing and videoconferencing software. James Globe, vice president of operations at the Center for Internet Security (CIS), says attacks against those services will continue to be a concern.

He says organizations need to adopt formal corporate policies and procedures for staffers to follow to combat threat actors trying to piggyback on a session to eavesdrop on conversations and to view presentations that might contain sensitive information.

Globe recommends that organizations take steps like scrubbing invitation lists, password-protecting video conferences, sending out passwords in a separate communication from the meeting invitation, having the moderator manually admit participants, and locking the meeting once it starts.

Key numbers: More than 30% of companies reported an attack of their videoconferencing systems during 2021, according to the Acronis Cyber

The X9 Community:

Cyber-attacks have become the norm in today’s interconnected world. However, the Russia/Ukraine conflict has increased the threat level to US companies and individuals. Now would be a good time to check your computer’s security posture. Major corporations have their own IT departments that maintain their business computers and networks but you should check your personal computers and devices to make sure they are protected.

Some suggestions for things you can do to reduce your exposure and mitigate a hack:

Make sure security patches to your operating system and applications are current. Updates marked as optional, can be applied at your discretion.
It is a good practice to have a current external backup of your data. There are many services that provide cloud-based backup, some for free. You can also use a USB drive but do not leave it connected to your device when not actively saving files.
Create a bootable recovery image for your system. This will allow you to recover your computer should a hacker turn it into a “Brick”. Microsoft provides this function in the settings app.
For devices that are mobile and sometimes use a public network, you should consider using a Virtual Private Network (VPN) to encrypt your communications. There are many software products available that provide VPN support on laptops, phones, tablets, desktop computers and routers. It is a good practice to use a VPN on all devices whether they are mobile or not.
Be suspicious of all email and especially suspicious of attachments to email. If a person’s email or social media account is hacked, malicious software can send normal looking email to everybody on their contact list. Ask yourself, does it make sense to receive this email? Be suspicious. Send the person an email to confirm that their email is legitimate if you are not sure.
Consider using two different browsers. Use one for critical work such as logging into a bank or a financial institution. Do not access a search engine or surf the Internet using this browser. Use the second browser for email, social media, surfing sites or for web searches.
Login to your home router and update the software. Make sure the firewall is turned on and this is a really big one, change the default passwords. If you have a very old router, you might consider upgrading to a new system. The security will probably be improved as will the WIFI capabilities. If your home has a cable or DSL modem separate from a router, login to the modem and perform the same functions you did for the router making sure to change the default passwords. Also, for WIFI networks under your control, make sure you have locked all access including the “guest” accounts with a password. If you don’t know how to login to your modem, most devices have a label with instructions or you can go to the providers web site.
Lastly, turn your devices off when not in use. You will probably need to keep your cell phone on, but for any other device that is not in use, turn it off.