Zoom quickly became remote workers’ favourite most hated app to do video conferences for work and school. Not only do those staying at home during the pandemic have found the need to use this app, but hackers have gained deep value from accessing Zoom accounts.
In a recent interview by the Motherboard, it was revealed that Zoom exploits are being sold on the dark web for no less than $5,000 and up to $30,000. This information was presented after a hacker revealed to have earned such an amount from trading exploits found in Zoom on the dark web.
So, what exactly are the Zoom exploits being sold on the dark web?
Anything from passwords and emails to webcam and microphone vulnerabilities. Although 30k is indeed a lot of money, hackers have revealed that other exploits are sold on the dark web for much higher figures. Some of these exploits include American social security numbers, tax information from people all over the world and bank account details.
At the beginning of the COVID-19 pandemic, thousands of Zoom users worldwide were the victims of hackers who accessed their accounts and posted pornographic content on the user’s screen during video conferences.
This appalling act just goes to show how cyber criminals are working around the clock to find vulnerabilities on users’ accounts in order to steal private data. Acts such as this portray the vital need for communication platforms of all types to incorporate end-to-end encryption and multi-factor authentication to mitigate the chances of cybersecurity breaches.
Unfortunately, the pornographic attacks are not the only ones that are known to have occurred to Zoom users. As Zoom became one of the most daily used apps in the world since the beginning of the pandemic, it also gained huge news coverage for controversies that arose from the app’s vulnerabilities and ease for hackers to access.
And it’s not only fellow Zoom users who have become aware of the security flaws the communications app presents. In April of 2020, Michael Drieu, a Zoom shareholder filed a class-action lawsuit against the app claiming that Zoom was aware of its security deficiencies and willingly hid security and privacy flaws that affected users.
Drieu’s lawsuit only confirmed what many experts in the cybersecurity field were already suspecting, which is that Zoom was overselling its privacy standards. One of the biggest factors that was concealed by the communications giant is that Zoom calls were not end-to-end encrypted, which allowed ease of access to cyber criminals.
The lawsuit forced Zoom executives to face backlash and harsh criticism for the reports made all over the world from ‘Zoombombing,’ which is the act of a hacker gaining access to an active user’s account and using it to display their own image or video.
The security breach issues have gone as far as causing Google to ban Zoom from being used as a means of communication between the company’s employees.
With such threats being caused by Zoom’s lazy cybersecurity techniques, corporations who rely on Zoom for virtual business meetings are having to focus on their private approach to cybersecurity. Without the end-to-end encryption guaranteed by Zoom, businesses are having to work hard on ensuring they are providing reliable network connections for their employees and are promoting better protection that is applied to devices used for remote working by company employees.
As a result of the backlash received from users worldwide and the US Federal Bureau of Investigation (FBI) caused by Zoombombing, Eric Yuan, who serves as Zoom’s founder and CEO, has apologized publicly for the privacy and security issues that have been shown to be a direct result of the security policies, or lack thereof, implemented by Zoom.
The security issues have translated to users as an increase of cyber attacks towards organisations of all sizes, specifically affecting small to medium-sized businesses. In order to protect a business, it is important for companies to resort to using communication apps that adopt a more holistic architecture in their cybersecurity systems.
In today’s society where cyber attacks are an ordinary occurrence, it is imperial for businesses to exercise responsible cybersecurity tactics in the workplace, which will put businesses one step ahead of potential cyber attacks that could result in the end of a business.