- Some of the widely used video-conferencing apps include Zoom, Cisco WebEx, Google Meet, and Slack.
- While Zoom tops the list of the highly used conferencing apps, it has also received flaks for critical security flaws in its settings and data leaks.
Performing business through teleconferencing apps during the ongoing COVID-19 crisis has become a ‘new normal’ for organizations worldwide. Some of the widely used video-conferencing apps include Zoom, Cisco WebEx, Google Meet, and Slack.
While Zoom tops the list of the highly used conferencing apps, it has also received flaks for critical security flaws in its settings and data leaks. However, this is not only the case with Zoom. Other collaboration tools such as Slack, Trello, WebEx and Microsoft Teams are also not immune to cyberthreats. Apart from exploiting security bugs, these collaboration apps have messaging components that can be used for phishing attacks and to deliver malicious payloads through links and attachments.
Security holes in Slack can lead to ATO
The risk posed by collaboration platforms is far from hypothetical. In March, for example, a critical vulnerability was found in Slack, which could allow automated account takeover (ATO) attacks and lead to data breaches. The flaw, tracked as HTTP Request Smuggling bug, forced the victim into an open-redirect, thus collaborating with a rogue client using malicious domain cookies.
Alongside the above, Slack was also riddled with another critical vulnerability that could allow attackers to perform MiTM attacks. In April, researchers found that Slack’s Incoming Webhook was vulnerable to phishing attacks. The exploit could be abused by sending malicious messages to a leaky webhook.
Cisco’s WebEx is also not spared to threats
Aside from Slack, Cisco WebEx has its share of security flaws, two of which were patched in March. These flaws could allow an attacker to execute code on affected systems. And earlier in the year, it addressed a bug in that WebEx that could let hackers barge in on password-protected meetings.
Apart from security flaws, the conferencing app was also used in a phishing campaign to harvest Cisco WebEx credentials. The campaign relied on phishing emails that appeared to come from spoofed address ‘meetings@webex[.]com’ with subject lines such as “Critical Update” or “Alert”. The emails included a link that redirected users to a fake Cisco WebEx login page that looked identical to the original one.
Fake domains of Google and Microsoft Teams created
Cybercriminals were also found registering fake domains with ‘Google’ and ‘Microsoft’ embedded in it. The official ‘classroom.google.com’ website was impersonated by two fake domains - googloclassroom[.]com and googieclassroom[.]com. Additionally, security researchers had also detected malicious files with names such as ‘microsoft-teams_V#mu#D_##########.exe’ that could result in the download of potentially unwanted adware.
Given that these apps are a rich repository for sensitive data, cybercriminals can use them as a channel to steal many companies’ internal data, customer files, internal systems information, and credentials. An analysis from Kaspersky had revealed that a total of 120,000 suspicious malware and adware packages were found masquerading as versions of the popular video calling apps. While 42% of these malicious payloads were disguised as Zoom, 22 percent were camouflaging as a WebEx app. Some 11% of these malware packages had disguised as a Skype app to infect users.