Login
The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.
The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).
Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.
Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.
Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.
The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.
To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:
|
|
Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.
And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.
More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.
So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.
In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.
Some video conferencing options alongside Zoom, WebEx, and Teams include:
|
|
Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.
|
|
Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.
Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.
Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.
Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.
The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .
The past 12 months have been another bumper year for cybercrime affecting everyday users of digital technology. Trend Micro blocked more than 26.8 billion of these threats in the first half of 2019 alone. The bad news is that there are many more out there waiting to steal your personal data for identity fraud, access your bank account, hold your computer to ransom, or extort you in other ways.
To help you stay safe over the coming year we’ve listed some of the biggest threats from 2019 and some trends to keep an eye on as we hit the new decade. As you’ll see, many of the most dangerous attacks will look a lot like the ones we warned about in 2019.
As we enter 2020 the same rules apply: stay alert, stay sceptical, and stay safe by staying protected.
Cybercrime is a chaotic, volatile world. So to make sense of the madness of the past 12 months, we’ve broken down the main type of threats consumers encountered into five key areas:
Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. As the gateway to our home networks, routers are particularly at risk. It’s a concern that 83% are vulnerable to attack. There were an estimated 105m smart home attacks in the first half of 2019 alone.
Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion such email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware.
Mobile security threats: Hackers are also targeting our smartphones and tablets with greater gusto. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking Android apps, like the Agent Smith adware that infected over 25 million handsets globally this year. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own.
Online accounts under attack: Increasingly, hackers are after our log-ins: the virtual keys that unlock our digital lives. From Netflix to Uber, webmail to online banking, access to these accounts can be sold on the dark web or they can be raided for our personal identity data. Individual phishing attacks is one way to get these log-ins. But an increasingly popular method in 2019 was to use automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected.
Breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be successfully targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware.
Smart homes under siege: As we invest more money in smart gadgets for our families, expect hackers to double down on network attacks. There’s a rich bounty for those that do: they can use an exposed smart endpoint as a means to sneak into your network and rifle through your personal data and online accounts. Or they could monitor your house via hacked security cameras to understand the best time to break in. Your hacked devices could even be recruited into botnets to help the bad guys attack others.
Social engineering online and by phone: Attacks that target user credulity are some of the most successful. Expect them to continue in 2020: both traditional phishing emails and a growing number of phone-based scams. Americans are bombarded by 200 million automated “robocalls” each day, 30% of which are potentially fraudulent. Sometimes phone fraud can shift quickly online; for example, tech support scams that convince the user there’s something wrong with their PC. Social engineering can also be used to extort money, such as in sextortion scams designed to persuade victims that the hacker has and is about to release a webcam image of them in a “compromising position.” Trend Micro detected a 319% increase in these attacks from 2H 2018 to the first half of 2019.
Threats on the move: Look out for more mobile threats in 2020. Many of these will come from unsecured public Wi-Fi which can let hackers eavesdrop on your web sessions and steal identity data and log-ins. Even public charging points can be loaded with malware, something LA County recently warned about. This comes on top of the escalating threat from malicious mobile apps.
All online accounts are fair game: Be warned that almost any online account you open and store personal data in today will be a target for hackers tomorrow. For 2020, this means of course you will need to be extra careful about online banking. But also watch out for attacks on gaming accounts. Not only your personal identity data and log-ins but also lucrative in-game tokens will become highly sought after. Twelve billion of those recorded 55 billion credential stuffing attacks were directed at the gaming industry.
Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017. A Microsoft flaw known as Bluekeep offers a new opportunity to cause havoc in 2020. There may be more out there.
Given the sheer range of online threats facing computer users in 2020, you’ll need to cover all bases to keep your systems and data safe. That means:
Protecting the smart home with network monitoring solutions, regular checks for security updates on gadgets/router, changing the factory default logins to strong passwords, and putting all gadgets onto a guest network.
Tackling data-stealing malware, ransomware and other worm-style threats with strong AV from a reputable vendor, regular patching of your PC/mobile device, and strong password security (as given below).
Staying safe on the move by always using VPNs with public Wi-Fi, installing AV on your device, only frequenting official app stores, and ensuring you’re always on the latest device OS version. And steer clear of public USB charging points.
Keeping accounts secure by using a password manager for creating and storing strong passwords and/or switching on two-factor authentication where available. This will stop credential stuffing in its tracks and mitigate the impact of a third-party breach of your log-ins. Also, never log-in to webmail or other accounts on shared computers.
Taking on social engineering by never clicking on links or opening attachments in unsolicited emails, texts or social media messages and never giving out personal info over the phone.
Fortunately, Trend Micro fully understands the multiple sources for modern threats. It offers a comprehensive range of security products to protect all aspects of your digital life — from your smart home, home PCs, and mobile devices to online accounts including email and social networks, as well as when browsing the web itself.
Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.
Trend Micro Security: Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media.
Trend Micro Mobile Security: Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks.
Trend Micro Password Manager: Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to.
Trend Micro WiFi Protection: Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks.
Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so.
The post The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 appeared first on .
FreshRSS 