21 Jul, 2023

How Safe Are Online Meetings?

“Zoom bombardımanı kavramını daha önce duydunuz mu hiç? Video konferansları, insanları uzaktan çalışmaya ve video görüşmeleri ile bağlantı kurmaya zorlayan COVID-19 salgınının patlak vermesinden sonra daha aktif kullanılmaya başladı. Aniden gelişen bu olumsuz durumlar sonucunda WebEx ve Zoom gibi online görüşme yazılımları dünya çapında popülerlik kazandı. Online görüşmelerin artmasıyla bu yazılımlara yapılan siber saldırıların da atmasına neden oldu. Hadi gelin şimdi bu konuyu daha detaylı inceleyelim.

Online Meeting Usage Today

When COVID-19 first spread, businesses or institutions had to temporarily close their doors. After this situation, employees faced the difficulty of staying at home. Since many companies have been operating in the office space for years, it was difficult at first to establish virtual communication and work online. However, as we have seen, online meetings and conferences, both personal and business, have increased considerably since Covid-19. Companies that previously refused to allow their employees to work remotely began to support change in corporate life after seeing the benefits of the online environment.

Online Meeting Advantages

Online toplantıların en büyük avantajı, insanların her yerden katılım sağlayabilmesidir. Çalışanlar, fiziksel yerde toplanma endişesi duymadan evlerinde rahatça çalışabilirler. Bu sayede seyahat sorunlarından, ofis kapanışlarından ve diğer olası iş kesintilerinden kaynaklanabilecek sorunların çözülmesine yardımcı olur. Online toplantıların bir başka avantajı ise ekran paylaşımı, sohbet, anket ve diğer bileşenlerle katılımcılar her zamankinden daha aktif toplantılar geçirebilirler. Gelişmiş yapay zekâ destekli özellikleri sayesinde, herkesin söylenenlerin tüm ayrıntıları ile anlamasına yardımcı olabilir. Kayıt alma özelliği ile de katılımcılar geri dönüp daha önce katılmış oldukları bir toplantıyı istedikleri kadar izleyebilirler.

Online Meeting Disadvantages

The biggest problem encountered in online meetings is that users have technical problems in logging in and contributing to the meetings. While the platforms are very user-friendly and intuitive, there may be hardware issues such as server or internet connection interruptions.

Attacks That May Occur Against Online Meeting

After the start of the COVID-19 pandemic in 2020, workplaces around the world have switched to Zoom, Microsoft Teams, etc. switched to online communication platforms. Although this change in the way companies and employees work provides convenience to the parties, it has also created a new target for cyber attacks and fraudulent forms.

The attacks that can be made against online meetings are explained in detail below.

  • Meeting Bombing: In this type of attack, an intruder joins a video conference meeting to eavesdrop on the conversation or interrupt the meeting by sharing inappropriate media.
  • Malicious Links in Chat:After attackers access the meeting room, hackers attempt attack methods such as stealing credentials or installing malware by tricking participants into clicking malicious links shared via chat.
  • Stolen Meeting Links: It steals the meeting links created by someone else and forwards them to the victim person or institution.
  • Host Privileges Transfer: In this type of attack, the participant can wait until the end of the meeting and become the host if the host leaves before all participants. In this way, he gets some privileges.

Measures to be Taken Against Attacks That May Occur in Online Meetings

Setting up and actively monitoring security settings helps reduce the likelihood of attacks.

  • Setting a meeting password: By setting a password for your meetings, only users with the password can join the meeting.
  • Share the meeting link only with the intended audience: These attacks often happen because end users publicly post meeting links that allow direct access. The meeting link created to protect against this attack should only be shared with the relevant participants.
  • Use the waiting room feature: Use the "Waiting Room" feature, which allows the host to control when a member can join the meeting. As the host, you can accept attendees individually, or keep all members in the waiting room and admit them all at once.
  • Set recording to be enabled only by the host: To prevent others from recording the meeting without your consent or knowledge, it must be configured as the host to control the ability to record the meeting. Additionally, disallowing even one of the parties will prohibit taking screenshots of meetings, chats or screen sharing.
  • Disable meeting before host: Join meeting before host feature allows attendees to join the meeting before the host joins. When you disable this functionality, users who have access to the meeting cannot take over the host role.
  • Host screen sharing only: Make sure screen sharing in meetings is restricted to the host. If you need to allow other participants to share their screens, you can change this. The "Host Only" option ensures that no one else can control your presentation or class.
  • Keep your virtual meeting platform up to date: New updates for your app will be made available as security issues are discovered. It is quite important to update apps regularly to keep up with these fixes.

Online Meeting by Information and Communication Security Guide

Information and Communication Security Guide, Presidential Circular No. 2019/12 on Information and Communication Security Measures was published in the Official Gazette dated 06.07.2019 and numbered 30823 in order to determine the measures to be taken in general within the scope of information and communication security of public institutions and organizations and businesses providing services as critical infrastructure. In line with the published Circular, the Information and Communication Security Guide was prepared with the participation of the stakeholders under the coordination of the Presidency Digital Transformation Office.

The precautions and steps to be taken in the articles and explanations in the Information and Communication Security Guide are as follows:

  • 1.14.8 1 Use of Video Conferencing Applications:

Video conferencing applications must be hosted within the institution. If a third-party application that is not hosted in the institution is to be used, the application must be open source.

  • 1.14.10 1 Using Current Video Conferencing Applications:

It should be ensured that the video conferencing application is up-to-date and the latest patches are installed in the application.

  • 1.14.11 1 Unauthorized Participation in Video Conference Calls:

Unauthorized access to video conference calls, which can only be made using the meeting link address, should be prevented.

  • 1.14.12 1 Video Conference Sharing Operations and Chat Feature:

With the approval of the meeting moderator/assistant moderator during the meeting via the video conference application;

  • Screen sharing of the desired user can be stopped,
  • Can the chat feature be disabled,
  • The file sharing feature should be disabled.
  • File control should be done in file sharing to be made over the video conferencing application. If file control cannot be performed, file sharing over the video conferencing application should be prevented.
  • 1.14.13 1 Video Conference Attendee Management:

Access to the meeting via the video conferencing application should be prevented before the meeting modulator.

  • 1.14.14 1 Video Conference Meeting Room:

Naming the meeting room namings should be created in a complex way in meetings held on the video conferencing application.

What should we do as a result?

İnsanlar siber güvenlik platformlarının önemini anlamaya başladılar. Ancak, Online toplantı saldırıları yeni bir gelişme ve çoğu insan online toplantı oturumlarının saldırıya uğrayabileceğinin farkında bile değil. Bu farkındalık eksikliği, siber saldırganların rahat bir şekilde toplantı içeriklerinin kaydını ve kontrolünü sağlama, katılımcıları manipüle etme veya taklit etme gibi kötü amaçlı faaliyetlerde bulunmasına fırsat tanıdı. Oluşacak saldırı sonucu aslında gizli tutulması gereken birçok verinin herkese açık platformlarda yayınlanmasını sağladı.

Performing the above-mentioned measures in order will minimize Cyber Attacks, which will take steps to follow the movements and meeting flow of the participants before, during and after the online meeting.


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

About Content:
With the COVID-19 epidemic, the active use of online meetings and video conferencing software called "Zoom bombardment" has increased. However, this has also increased cyber attacks. Details are in our content.
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram