New Delhi: The Ministry of Home Affairs issued an advisory on Thursday where it said that video conferencing app Zoom is not to used by Government officers/officials for official purposes and it is “not safe” for use by private individuals as well.
This directive comes after the Computer Emergency Response Team of India (CERT-in) – had raised concerns over potential cyberattacks through Zoom. In an order issued on March 30, CERT-IN said that using Zoom without taking necessary security precautions, can make it vulnerable to cyber-attacks, including leaks of sensitive office information to criminals.
The latest advisory by the Home Ministry states that the National Informatics Centre (NIC) platform is being used for most government video conferences. Keeping security concerns in mind, government officials have been asked not to use any third-party app and services for meetings.While the MHA cautioned private individuals about security concerns, it also issued certain guidelines for minimizing the risk while using the Zoom app.
Also read:Zoom Meeting App Plans and Price: Which Plan is Best for Your Company, How to Download and Use?
These include:
Zoom had shot to overnight fame as millions of people around the world used the app to study, work and socialize in the times of COVID-19 lockdown. But the spotlight has lead to widespread scrutiny of security and privacy issues of the platform.
New Delhi, April 15: In what came as a breather for work-from-home employees lockdown, it has now turned as a security threat with almost 5,00,000 Zoom users being put on sale on the dark web at prices even lower than Re 1. Video chat services such as Houseparty and Zoom became immensely popular among people who frequently used these apps for work and related purposes amid the COVID-19 lockdown which restricted movements of people.
Also read:Work From Home Users Are Using Zoom As Their Favourite Tool
Bleeping Computer, a computer help site, has claimed that data of around 5,00,000 Zoom users are on sale on the dark web at prices even lower than Re 1. The report claims that the list of the sale was figured out by a cybersecurity intelligence firm Cybele around April 1.
It is when the intelligence firm purchased around 5,30,000 accounts at a price of just $0.0020 per account which roughly translates to 15 paise for each account. This was attempted to raise awareness around the security breach of the user data.'
It means that these accounts were hacked and the leaked data was further used to access other accounts. The accounts that are successfully logged into are then compiled and sold to other buyers.
Security researchers and users have also pointed out ways in which these apps may have violated privacy.
Most of the Zoom users' data targeted belong to banks and educational organisations where 290 accounts were connected to famous institutes like the University of Vermont, Dartmouth, Lafayette, University of Florida, University of Colorado. While some of the leaked accounts were connected to companies such as Citibank and Chase.
In response to this report, Zoom said the company has already asked intelligence firms to detect password dumps listed by hackers. This will help them reset the passwords of users impacted by the hack.
"We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts," the company stated.
Meanwhile, Standard Chartered Plc has warned employees against using the Zoom Video communications during the lockdown citing security reasons.
Chief Executive Officer Bill Winters send the message across employees asking them to stop using Alphabet Inc's Google Hangouts platform for virtual gatherings.
This directive comes after the Computer Emergency Response Team of India (CERT-in) – had raised concerns over potential cyberattacks through Zoom. In an order issued on March 30, CERT-IN said that using Zoom without taking necessary security precautions, can make it vulnerable to cyber-attacks, including leaks of sensitive office information to criminals.
The latest advisory by the Home Ministry states that the National Informatics Centre (NIC) platform is being used for most government video conferences. Keeping security concerns in mind, government officials have been asked not to use any third-party app and services for meetings.
- Preventing unauthorized entry in a conference room
- Changing user-id and password for each meeting
- Locking a meeting
- Restricting the recording feature
- Restricting/disabling file transfer
- To end meeting (and not just leave, if you are an administrator)
Also read:Work From Home Users Are Using Zoom As Their Favourite Tool
Bleeping Computer, a computer help site, has claimed that data of around 5,00,000 Zoom users are on sale on the dark web at prices even lower than Re 1. The report claims that the list of the sale was figured out by a cybersecurity intelligence firm Cybele around April 1.
It is when the intelligence firm purchased around 5,30,000 accounts at a price of just $0.0020 per account which roughly translates to 15 paise for each account. This was attempted to raise awareness around the security breach of the user data.'
It means that these accounts were hacked and the leaked data was further used to access other accounts. The accounts that are successfully logged into are then compiled and sold to other buyers.
Security researchers and users have also pointed out ways in which these apps may have violated privacy.
Most of the Zoom users' data targeted belong to banks and educational organisations where 290 accounts were connected to famous institutes like the University of Vermont, Dartmouth, Lafayette, University of Florida, University of Colorado. While some of the leaked accounts were connected to companies such as Citibank and Chase.
In response to this report, Zoom said the company has already asked intelligence firms to detect password dumps listed by hackers. This will help them reset the passwords of users impacted by the hack.
"We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts," the company stated.
Meanwhile, Standard Chartered Plc has warned employees against using the Zoom Video communications during the lockdown citing security reasons.
Chief Executive Officer Bill Winters send the message across employees asking them to stop using Alphabet Inc's Google Hangouts platform for virtual gatherings.
3 Comments
Nice Post Thanks For Sharing
ReplyDeletevideo conferencing app
Thanks for your appreciation
DeleteGreat Information Sharing Thanks
ReplyDeleteVideo conferencing Solution Development in India