Blog

    If Your Company Thinks your Virtual Collaboration Events are Secure, Think Again

    by Kevin Howe-Patterson, VP, PLM and CTO at Kandy

    kevin-h-p-headshot

    When the COVID-19 pandemic began, organizations across the world were forced to allow their employees to work from home to prevent the spread of the virus while continuing operations and serving customers.

    With most employees working remotely, online real-time video communication platforms saw a sudden increase in its popularity, as organizations used them to keep employees, customers, partners, and supply chains connected.

    The move to the easiest to implement platform came with unintended consequences - including security breaches. As numerous unsecured devices connected to the Internet, even via enterprise Virtual Private Networks, it gave intruders more potential avenues into your environment. Many companies were left with their proverbial doors and windows unlocked.

    The Rapidly Changing Work-From-Home Landscape

    The sudden need to transition to a work-from-home setup left many enterprises and SMBs with little time to ramp up security measures to ensure that it fits the requirements demanded by remote work. 

    Hackers set their sights on the global workforce working from home, with the use of malware attacks, weaponized websites, and phishing attacks targeted to trick employees, and let cyber criminals gain access to sensitive data via video conferencing platforms. 

    With weaponized websites, remote workers thought they were installing a normal popular free video collaboration platform, only to have been infiltrated by an infected version of that platform.  

    The infected nefarious sites then collected information about the computer's GPU, CPU, operating system, video controllers and processors to help the attackers gain access to all of the user’s files and networks in a classic “pivot attack” approach.  

    Cybercriminals exploited popular trends – significantly increasing threats during the pandemic

    A Webroot report found that since the beginning of the pandemic, there has been a 2,000% rise in malicious files containing the string “zoom”.

    Phishing also became a popular form of video-conference hacking amidst the pandemic, as attackers sent emails or messages to users claiming to be the video-conference platform itself.  

    These phishing scams successfully created a sense of urgency, usually citing an upgrade or a patch that the user needs to use the platform. These were performed knowing the worker had some upcoming meeting, and would need the platform fixed, which naturally led to the user giving out their credentials resulting in a successful hack by the attacker. 

    The now notorious “zoombombing” trend, in which an unauthorized user joins a Zoom conference, either by guessing the Zoom meeting ID number, reusing a Zoom meeting ID from a previous meeting, or using a Zoom ID received from someone else, became top news with serious consequences in many cases. 

    While at the university level there were various instances of zoombombing pranks, serious situations, some of which included attackers running pornographic content during elementary school virtual classroom events, stunned the world.

    More sophisticated and nefarious intruders discreetly entered video conferences, captured screenshots of confidential information, and recorded video and audio from the meeting. These clever adversaries stayed in the background and infiltrated valuable information and data, while some reports claimed information gleaned from a live meeting could be used to directly to hack into a company's servers.

    Solving the Common Virtual Collaboration Security Weaknesses with Kandy

    At Kandy, we give organizations the tools necessary to fend off would-be cyber attackers. Our customers can adopt high-quality video-conferencing platforms, utilizing those solutions to their maximum potential - without worry!

    Our customers use Kandy Cloud UC, which offers Smart Office collaboration tools that let participants engage, and stay engaged, from anywhere. The unified nature of those collaboration solutions eliminates expensive dedicated services, with a personal collaboration room that is secure from potential cyber threats.

    Our MeetMe Audio Conferencing supports reservation-less conference rooms, users dial a common access number and quickly enter using the virtual room’s access number, while room moderators have a personal passcode that controls access and services for extra security.

    Kandy’s Smart Office services also makes it easy to extend an audio conference with screen sharing or enrich the collaboration, and robust moderator controls can silence a mysterious barking dog or, more importantly, lock a conference to preclude unexpected guests.

    As the light at the end of the pandemic tunnel begins to shine, more workers are headed back to offices, but some major forms of remote work and video-conferencing remain.

    At Kandy, we make sure that you and your employees, customers and partners can stay connected no matter where or when, and have access to the necessary tools to keep your organization safe from the myriad of cyber attackers looking to hack their way in. 

    Contact Us to learn more about how we have helped our customers and partners build faster solutions with less risk, using UCaaSCCaaS, and CPaaS on the Kandy platform recognized as one of the world’s first and finest.

    Or, to chat live with an account representative, click on the image below or scan with your smartphone.

    Blog130721