In the wake of the COVID-19 pandemic, working from home has become the new normal for most organizations. Employees that were once in the office or at least occasionally in the office are now entirely remote. Monitoring this distributed workforce has posed challenges for security teams. Everything now revolves around the endpoint. Many of the applications are now SaaS-based and managed by third-party providers. There is no longer a single network egress point to monitor or a single datacenter to secure.

What is Zoom?

Zoom Video Communications, Inc. (NASDAQ: ZM) brings teams together to get more done in a frictionless video environment.

Zoom (ZM) provides cloud-hosted chat, video and audio conferencing, webinars, and virtual meetings. With the increase in remote business operations, Zoom’s popularity is soaring. In the new normal of remote work, cloud-based communications have become essential business tools. With fame comes increased attention. Unfortunately, the focus is both positive and negative. Attackers now see Zoom as a treasure trove of data. As the value of the target increases, so makes an effort spent on exploiting the platform.

Security Challenges Facing Zoom

Zoom has faced numerous issues since the start of the COVID-19 lockdown. It has been sued for overstating its privacy standards and improperly advertising end-to-end encryption. Researchers have found more than 500,000 accounts for sale on the dark web for less than a cent each. The US Senate sergeant at arms has warned members to stop using Zoom over data security concerns. School leaders in New York City, Washington, D.C., and Las Vegas have announced they are discontinuing their use of Zoom over security, privacy, and harassment concerns. The most egregious examples are children being Zoom bombed with porn during their virtual classroom meetings. Zoom bombing is where an unauthorized user joins or hijacks a Zoom session. Many organizations have attempted to counter Zoom bombing by enabling passwords in their meetings. Zoom has also paused their feature updates for 90 days to focus on improving their security.

Security Best Practices for Zoom

Security teams are trying to ensure employees with Zoom access keep the organization secure. The following security practices will help protect your organization from the risk of Zoom brings to your organization and your Zoom guests.

  • Limit the number of personnel with administrative privileges in Zoom.
  • Create a role with the least amount of privileges for Zoom end-users.
  • Keep Zoom client and apps up to date at all times.
  • Enable 2-factor authentication on your Zoom accounts.
  • Do not re-use a password for Zoom from any other application.
  • Ensure your meetings are password protected.
  • Do not post your Zoom link with the password on a public website.
  • Disable the “Join before host” feature.
  • Disable participant screen sharing unless needed.
  • Use the waiting room feature to allow only those who you want in the meeting.
  • Once your meeting attendees are all present, lock the meeting from any new attendees.
  • Watch out for Zoom phishing and lookalike domains and avoid directly clicking on Zoom links in emails. Go to Zoom.us and enter the meeting ID.

Monitoring Zoom for Security Threats

Visibility is the starting point of security. It’s easy to send Zoom audit events to DigitalStakeout Scout using a real-time Webhook. This approach will enable you to monitor Zoom for security issues, reliability, maintain a record of activities, and detect anomalous behavior.

Monitoring for Signs of Trouble in Zoom

  • Who is creating meetings, and for what number of guests?
  • What meeting IDs are repeatedly being used by guests?
  • Who is joining your organization’s meetings?
  • Are there in-active accounts suddenly being used?
  • Are there UNC file paths in file links?
  • Are there sudden new or delete actions?
  • Are personalized meetings being used?
  • Are there failed logins followed by a successful breach?
  • Are there admin settings not being used or modified against policy?

Getting Started with Monitoring & Securing Your Zoom

If you are a DigitalStakeout customer, please follow the instructions on the DigitalStakeout support site on how to connect a real-time Zoom webhook to DigitalStakeout with the Webhook collector.

If you are not a customer and need visibility into Zoom, Contact us nowand a member of the DigitalStakeout team will follow-up with you immediately. DigitalStakeout will provide your organization with a quick ramp solution to monitor and track Zoom activity specific to your situational awareness needs. We can have your organization fully set up and trained in a matter of hours. Act now and get the critical intelligence and information you need to protect your organization and your Zoom guests.