Del Aden’s thoughts….How virtual meetings expose African gov’ts & organisations to attacks and fraud

0
Del Aden

As the pandemic leads most of us online, cybersecurity remains crucial. With COVID-19, Video conferencing has become very popular very quickly. Attackers have noticed and moved to capitalise on that popularity and brand strength. Not only are attackers using video conferencing brands as a lure for malware, but they’re also using it for credential phishing – in particular to steal Zoom and WebEx credentials.

Zoom, the leader in modern enterprise video communications, is well on its way to becoming a household verb; and as a result, its stock price has soared.  Whereas the Zoom platform offers a myriad of benefits to those who have to work from home during this period of time, as with any tool it is important to be aware of possible risks and use the functions available to you on the platform to communicate safely.

The latest wave of attempted cyber-attacks predictably focuses on the COVID-19 coronavirus pandemic, which has seen millions of people switch to working from home to comply with national lockdown regulations. However, experts have warned that users of these popular video conferencing services should be on their guard against phishing attacks seeking to steal their service credentials,

Governments, business organisations, religious bodies and schools, among others, have had to work remotely due to lockdowns imposed because of the coronavirus. This has led to the use of technology applications such as Zoom, Microsoft Team, Mixlr, Facebook Messenger and Skype.

Consequently, concerns over national security are growing as several African government and private organisations in Africa turn to virtual space for meetings. The worries stem from the porous state of cybersecurity in Africa, which unless it is adequately protected could be breached by cybercriminals desperate to explore loopholes and wreak havoc on unsuspecting individuals, private and governmental organisations.

Breaches are expected to increase significantly as more people work remotely. Already, one of the oldest churches in San Francisco, USA, is suing Zoom Video Communications Inc. after a hacker infiltrated its virtual Bible study session and subjected participants to pornography. Earlier in the month, also, hackers reportedly disrupted a virtual meeting of South African lawmakers – flooding the video call with pornographic images. In the May 7 incident, the hackers hurled racial and sexual insults at the Speaker of the National Assembly, Thandi Modise.

Also, of major concern is the issue of nation-state security, as some of the video conferences are stored in foreign countries such as China. Information has appeared to say that Zoom and other components within the cyber world may be looking at what you do while on their platforms.

Whereas Zoom has become widely used by individuals, companies and schools, questions have been raised about its use by governments amid fears that others could spy on conversations.

It is fair to say that COVID-19 has created – and continues to create – awe-inspiring intelligence-collection opportunities. It is my belief that Zoom will be a big part of that intelligence bonanza. As such, it is up to individual nations and organisations to put the necessary control measures in place to safeguard their confidential data.

What can governments & organisations do?

First, organisations need to be very wary of risks which present themselves.  For more sensitive conversations, alternatives can be considered and more stringent measures put in place.  I urge any business dealing with sensitive data to consider sharing that data over more secure and private means – such as PGP encrypted emails, Signal, or Wickr.

Secondly, it should go without saying that security teams must take pains to educate their users it is never acceptable to share screenshots of their remote working desk set-up or on-screen applications under any circumstances.

It is critical that users are diligent with personally identifiable and sensitive information they share on the Internet. With videoconferencing tools, users have to be aware of what is around as well as any on-screen information. Just like with telephone conferences, the video meeting ID is a sensitive piece of information that allows users to gain access to a meeting. Video conferencing services which offer the possibility of locking a meeting have an advantage, as it allows the meeting host to stop any unwanted participants from joining,

Training and support

Remote working is a novel experience for many businesses, and we are seeing many employees publicising their experiences across social media channels. While we would not discourage organisations from championing their experiences, we do encourage firms to be responsible in what they share.

Employers need to give their employees the necessary training and support in order for them to appreciate and understand the need for secure communication while working from home.  This is why Delta3 International is offering training to all organisations for all remote workers.

The main objectives of the Delta3 Training & Technology for Remote Workforce is to help train your employees on the technology and best practices, norms and culture of home-working; and also to assess your organisation’s remote working policies, processes and technology to advise how your home working solution fits within the Global Best Practices – thus keeping you and your employees safe, and your organisation’s data and other digital assets secure.

In conclusion, when possible, encourage employees to use a company-issued computer that has been patched properly; utilise 2FA; make use of the latest endpoint protection solutions to prevent malware and other client-side attacks; and promote continuous awareness training for staff to help them understand how to avoid being the ‘low hanging fruit’ of such attacks.

 

>>>The author is Managing Partner, Delta3. As an Enterprise Architect and Information Security Consultant, Del Aden is an industry-recognised security expert with over 20 years of hands-on experience in consulting, training, public speaking, and expert witness testimony.

As the Managing Partner for Delta3 International, Del now focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. An astute speaker and trainer, Del is on the cutting-edge of cybersecurity research and development.

For comments, contact author: [email protected]  Mobile: +233 202621350 (GH) or +44 7973 623 624 (UK). Website: www.delta3.co    Contact us: [email protected]

Leave a Reply