Zoom Bombing is now a thing...
Attackers can use Zoom to steal users’ Windows credentials with no warning
An unpatched bug in Zoom running on Windows can allow hackers to join your meetings and post links that, if clicked, can yield unpleasant results. Be careful what you click, and don’t open links you aren’t expecting. If a link seems out of context, definitely do not click it; ask your team whether they sent it.
Read the full article from Ars Technica here.
While this threat is specific to Zoom running on Windows computers, this is a great example of how attackers can shift their focus based upon current events. Hundreds of thousands of people just started using Zoom in the past few weeks, and are largely unfamiliar with it beyond starting or joining a meeting.
WHAT ZOOM SAYS…
Zoom has acknowledged the vulnerability and states that it is working to address it, so watch for updates. Please be wary, though, if you start to receive emails with links to update your Zoom software. Once the fix is ready, Zoom will most likely prompt you to update when you launch the application, not email you a link to run the update.
Three Free Ways to Stay Connected from Home
Forget email.
You can now communicate and collaborate with co-workers, colleagues, and other people for free with several different apps. With much of the workforce now working from home, and in some cases under self-quarantine, it’s easy to start feeling isolated. Here are our three suggestions for staying connected even from your kitchen table, er, “home office”. And don’t forget: if you use your computer (rather than your cell phone), you will need a webcam with a microphone.
MICROSOFT TEAMS
If you have a Microsoft Office 365 account, then you have access to Teams for business for free! You can install it on your computer as well as your phones, making it accessible and easy to use from anywhere. This is a fantastic resource that allows you to do a multitude of things across your business with all of your team:
Chat in Groups: Create one for each department as well as a General one for everyone.
Start a Live Virtual Meeting: Normal Tuesday meeting? Set up a virtual one and invite everyone through Teams for a video meeting.
Start a Private Chat: Only want to talk to Karen? Send her a direct chat message.
You can also attach files from your computer, send photos, post a gif.
It also has integrated apps that you can install like Trello or Asana.
ZOOM
Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as offices and classrooms. This is a great option for Medical Offices trying to get telemedicine started pretty quickly.
Zoom offers a full-featured Basic Plan for free with unlimited meetings; however, it’s online only, with no option to dial in on the free version. The Basic plan has a 40-minute time limit on meetings with three or more total participants.
MARCO POLO
How about something fun on the personal side? Marco Polo is a call-and-response video messaging app made for your phones. This is great for group chats with all your cousins across the country. Send a video message and they watch it when they are available. Often referred to as the video walkie-talkie, it’s fun and super easy to use. It does have silly filters to use, and you can also send likes and hearts as you watch others’ Polos.
Cyber Hygiene at Home
Many workers in the U.S. are calling home their office for the next several weeks as the Coronavirus spreads. If working from home is part of your company’s plan, the time is now to think about protecting devices you or your staff will use in their home.
Enter cyber hygiene.
We recommend arming your employees with the basics of work-from-home security. These include:
Remote workers should have access to a virtual private network (VPN)
Two-factor or multi-factor authentication should be enabled for all devices and accounts
Advise employees to secure their at-home Internet connection and turn off and unplug work devices when not in use
Alert employees to possible email scams and tell them never to click on links they receive unsolicited, especially those related to COVID-19
Remain up-to-date on all security patches
Don’t mix work and personal devices
COVID-19 PHISHING
It’s very important during this time to stress to your team not to overlook the importance of watching what emails are opened and what links are clicked. Be very wary of opening emails with information regarding COVID-19 as attackers are using this as an easy-in since it’s such a hot topic. Go one step further and encourage staff to only get their news from trusted sources such as the television, radio or legitimate news websites. There is no reason to read an email or click on a link regarding this topic no matter how tempting it may seem. There is an excess of information available elsewhere.
The last thing you need during a pandemic is backlash over a data breach or worse, ransomware.
A True Tale of Two Ransomware Attacks
RANSOMWARE PREVENTION
A TALE OF TWO SCHOOLS
Imagine a world where ransomware didn’t exist. Now, snap back to reality and read a tale about two different schools and how they each recovered from a ransomware attack. As you read, you’ll learn how an effective backup plan and a well-thought-out business continuity strategy are a critical part of your cyber security efforts. The similarity between the schools is that both ransomware attacks were thought to have started with a click on a phishing email. The difference is in their disaster recovery plans.
The Allegheny Intermediate Unit School System, Pennsylvania, U.S.A.
School A, The Allegheny Intermediate Unit school system, DID NOT have to engage with the criminals and was able to use the services of a third party to get its critical data recovered quickly. From the wording of various articles related to this incident, it appears that the school system quickly engaged with its cyber insurance carrier. The insurance carrier mobilized resources quickly to identify and remediate the attack and then restored from existing backups of critical data. THIS is how the process is supposed to work.
The University of Maastricht, The Netherlands
School B, The University of Maastricht, did not have an adequate plan in place and had to completely shut down information systems and pay the ransom in order to decrypt their computers and servers. The timeline on this attack is interesting; the original compromise occurred a little over two months before their networks were ransomed. Had they had an extra layer of defense like the RealTime Cyber Defense package, they could have potentially caught the attack during this phase.
LESSONS LEARNED?
The lessons learned by a school [or any business] that has been through an event like this one will make it better at risk-based decisions going forward. Now they know that they are vulnerable to an attack like this and will take positive steps to introduce better prevention and detection processes.
TODD’S TAKE ON THE RECOVERY:
After paying the ransom, it was pretty fast to decrypt that many systems, and perhaps most were using the same decryption keys – some victims aren’t that lucky and have to juggle hundreds or thousands of decryption keys, which really slows down recovery. Part of the decision to pay was based on how much quicker it can be to decrypt machines rather than reloading from scratch. The statement by the university indicates that they may not have had backups of some of their critical data.
SUMMARY:
Be sure to have a good backup in place;
Cyber insurance is a great idea;
Adding a cyber security plan could have helped detect the internal attack during the months they were “inside” the system rather than waiting.
New Twist on an Office 365 Phishing Scam
PHISHING WITH OFFICE 365 SPOOFS
You are probably familiar with the phishing scams that attempt to get you to share your Office 365 password with the criminals, via a fake Office 365 logon page. Well, there is a new twist you need to make everyone aware of in your organization.
The lure used in this new phishing scam is nothing new; typical social engineering trying to get you to do something you should not do. What is unique is the method used to gain access to your Office 365 organization. Below we explain how the criminals are trying to get access to your information through Office 365.
SPOT A SCAM
Like a lot of these scams, you’ll be presented with a logon page for Office 365. In this case it is the right Microsoft Office 365 logon page, not a fake one.
After you log in, or if you were already logged into Office 365 (many people stay logged in), you’ll then see a permissions request pop up. THIS IS THE BAD GUYS asking you to allow them access to everything in your Office 365 account!!!
STAY ALERT
Careful attention to the things you are being asked to allow access to should trigger an alarm bell. While this is an actual function in Office 365 that has legitimate uses, if you are casually checking emails and this pops up, immediately stop what you are doing and alert your cybersecurity team or IT department. This technique abuses the add-ins feature of Office 365.
Currently, this phishing exploit appears to be coming in via spoofed sender emails with OneDrive attachments. However, there is no reason that the delivery method won’t change to other techniques eventually. The emails are like traditional phishing emails, usually from a spoofed sender. Some email filters will probably catch these before anyone receives them. Security-aware people who know how to spot phishing messages probably won’t fall for this one if they stay alert!
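Because the logon page in this scam is genuine, checking the link's domain is not enough; the app named in the request and the permissions it asks for are what give it away. The sketch below is an added example, not code from the original article or from Microsoft. It assumes the permissions request arrives as an OAuth authorization link on Microsoft's sign-in host, and the trusted redirect host, the scope watch list and the sample link are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the Microsoft identity platform sign-in host used for consent prompts.
MS_LOGIN_HOSTS = {"login.microsoftonline.com"}
# Assumption: hosts your organisation expects apps to redirect to (hypothetical).
TRUSTED_REDIRECT_HOSTS = {"apps.contoso.example"}
# Delegated permissions that expose mail, files, contacts or long-lived access.
BROAD_SCOPES = {"mail.read", "mail.readwrite", "mail.send", "files.read.all",
                "files.readwrite.all", "contacts.read", "notes.read.all",
                "mailboxsettings.readwrite", "offline_access"}


def triage_link(url):
    """Return a verdict dict for a link pulled from an email or chat message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    result = {"genuine_ms_login": host in MS_LOGIN_HOSTS, "consent_request": False,
              "client_id": None, "redirect_host": None, "broad_scopes": [],
              "verdict": "not-ms-consent"}
    if not result["genuine_ms_login"] or not parts.path.lower().endswith("/authorize"):
        return result
    q = parse_qs(parts.query)
    result["consent_request"] = True
    result["client_id"] = q.get("client_id", [None])[0]
    redirect = q.get("redirect_uri", [""])[0]
    result["redirect_host"] = (urlsplit(redirect).hostname or "").lower() or None
    # Scopes are space separated; Graph scopes may carry a resource URL prefix.
    scopes = {s.rsplit("/", 1)[-1].lower() for s in " ".join(q.get("scope", [])).split()}
    result["broad_scopes"] = sorted(scopes & BROAD_SCOPES)
    untrusted = result["redirect_host"] not in TRUSTED_REDIRECT_HOSTS
    if untrusted and result["broad_scopes"]:
        result["verdict"] = "escalate"   # real login page, unknown app, wide access
    elif untrusted:
        result["verdict"] = "review"
    else:
        result["verdict"] = "expected"
    return result


# Constructed sample link: placeholder client_id and a hypothetical redirect host.
SAMPLE = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
          "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
          "&redirect_uri=https%3A%2F%2Fportal.example.net%2Fcallback"
          "&scope=offline_access%20Mail.Read%20Files.ReadWrite.All%20Contacts.Read")

if __name__ == "__main__":
    print(triage_link(SAMPLE))
```

The sample is flagged `escalate` even though `genuine_ms_login` is true, which is the point the article makes: a correct logon page does not make the permissions request safe.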