Organisations and individuals taking the help of web conferencing to work from home should guard against the “prying eyes” of cyber fraudsters as attacks engineered by them could lead to compromise of sensitive information, a CERT-In advisory said on Thursday.
The advisory said fraudsters prowling over the internet have found web conferencing “an opportunity to conduct unauthorised activities resulting in obtaining of sensitive information of individuals and organisations such as employee information, product knowledge, trade secrets, among others”.
“It is necessary to protect confidential data from prying eyes,” the recommendation accessed by PTI said.
The Computer Emergency Response Team of India (CERT-In) is the federal agency to combat cyber attacks to guard the Indian cyber space.
A Home Ministry spokesperson also issued a statement, saying the Cyber Coordination Centre (CyCord), under the Ministry of Home Affairs (MHA), has issued an advisory on secure use of Zoom meeting platform by private individuals.
This advisory states that the platform is not for use by government officers for official purposes.
The document makes reference to earlier advisories of CERT-In and states that Zoom is not a safe platform. The guidelines have been issued to safeguard private individuals who would still like to use the platform for private purposes.
The broad objective of this advisory is to prevent any unauthorised entry into a Zoom conference room and prevent the unauthorised participant to carry out malicious attacks on the terminals of other users in the conference.
It added that the COVID-19 outbreak has led organisations, educational institutions and many others “to incorporate” web conferencing for communication from home to break the chain of the virus spread.
Web conference is a service which enables users to conduct meetings, conferences, presentations, training through the internet without being physically present at one location.
The facility allows real-time communication and offers streams of data through text messages, voice and video calls. The federal agency underlined some potent threats in this context and said the attackers can join a web conference if no password is required to join it or if they get to know the access code and then they can send malicious links in chat to extract information.
It said vulnerabilities of a web conference platform, if not patched on time, could also allow attackers to exploit the target system.
CERT-In suggested some counter-measures to check these instances and install the web conferencing system through a distinguished vendor, which allows encryption of data and provides intrusion control and permits non-persistent flow of data.