The same default setting that allows attackers to “Zoom bomb” schoolchildren or remote workers meeting online with racist and pornographic content could be used by cybercriminals to unleash their malicious bag of tricks during the COVID-19 pandemic.
“An attacker could create a malicious invite link and trick Zoom users into clicking on it, leading to a phishing page or malware download,” said Comparitech Privacy Advocate Paul Bischoff, responding to a Los Angeles Times report that bad actors were taking advantage of both an uptick in Zoom conferences and a default setting on the conference platform that lets conference-goers share screens but also allows anyone with the link to join. “If legitimate invites or meeting IDs are leaked, attackers could find them and join video conferences to spy or just cause trouble,” he said.
Bischoff cautioned hosts posting links to Zoom conferences on public sites to “rethink their strategy” and verify participants with passwords “or limit participants to a particular email domain,” both of which are features built into Zoom.
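The two defensive points in the article, checking that an invite link really points at Zoom before clicking it, and making sure meetings are locked down with a password, a waiting room, or an email-domain restriction, can both be turned into simple automated checks. The following is an added example written for this page; it is not code from the article, from Comparitech, or from Zoom. The invite-link check treats `zoom.us` and its subdomains as the legitimate hosts (an assumption), and the meeting-audit function works on a record shape that is only loosely modelled on Zoom's meeting settings: the `password`, `settings.waiting_room` and `settings.enforce_login_domains` field names are assumptions, and the sample meetings are constructed.

```python
from typing import Dict, List
from urllib.parse import urlparse

# Hosts accepted as genuine Zoom invite links (assumption for this example).
# Vanity URLs such as acme.zoom.us are subdomains and therefore still match.
ZOOM_DOMAINS = ("zoom.us",)


def is_zoom_invite_link(url: str) -> bool:
    """Return True only if the link is HTTPS and its host is zoom.us or a subdomain.

    The host is taken from urlparse() rather than by substring matching, so
    lookalikes such as https://zoom.us.example.com/j/1 and userinfo tricks such
    as https://zoom.us@evil.example/j/1 are rejected.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname is None:
        return False
    host = parsed.hostname.lower()
    return any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)


def audit_meeting(meeting: Dict) -> List[str]:
    """Return a list of weaknesses found in one meeting record.

    Record shape (assumed, not Zoom's real API): a 'password' string and a
    'settings' dict holding 'waiting_room' (bool) and
    'enforce_login_domains' (comma-separated allowed email domains).
    An empty list means the meeting has none of the weaknesses checked here.
    """
    findings = []
    settings = meeting.get("settings", {})
    if not meeting.get("password"):
        findings.append("no password: anyone holding the link can join")
    if not settings.get("waiting_room", False):
        findings.append("waiting room off: host cannot vet participants before admitting them")
    if not settings.get("enforce_login_domains"):
        findings.append("no login-domain restriction: participants are not limited to a trusted email domain")
    return findings


def audit_all(meetings: List[Dict]) -> Dict[str, List[str]]:
    """Map each meeting id to its findings so open meetings stand out in a report."""
    return {m["id"]: audit_meeting(m) for m in meetings}


# Constructed sample: one meeting left at permissive settings, one locked down.
SAMPLE_MEETINGS = [
    {
        "id": "open-101",
        "topic": "Year 5 maths",
        "password": "",
        "settings": {"waiting_room": False, "enforce_login_domains": ""},
    },
    {
        "id": "locked-202",
        "topic": "Staff meeting",
        "password": "constructed-passcode",
        "settings": {"waiting_room": True, "enforce_login_domains": "school.example"},
    },
]


if __name__ == "__main__":
    for link in (
        "https://us02web.zoom.us/j/1234567890",
        "https://zoom.us.example.com/j/1234567890",
        "https://zoom.us@evil.example/j/1234567890",
    ):
        print(f"{link}: {'ok' if is_zoom_invite_link(link) else 'NOT a Zoom link'}")
    for meeting_id, findings in audit_all(SAMPLE_MEETINGS).items():
        print(meeting_id, findings or ["no issues found"])
```

Running the script prints one verdict per sample link and the findings for each constructed meeting; the "open-101" record trips all three checks, while "locked-202" reports none. In practice `audit_all` would be fed records pulled from whatever meeting inventory the organisation keeps, and any meeting whose link is posted publicly should never appear in the output with an empty findings list missing.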