Organisations and individuals taking the help of web conferencing to work from home should guard against the “prying eyes” of cyber fraudsters as attacks engineered by them could lead to compromise of sensitive information, a CERT-In advisory said on Thursday.
The advisory said fraudsters prowling over the internet havefound web conferencing “an opportunity to conduct unauthorised activitiesresulting in obtaining of sensitive information of individuals andorganisations such as employee information, product knowledge, trade secrets,among others”.
“It is necessary to protect confidential data fromprying eyes,” the recommendation accessed by PTI said.
The Computer Emergency Response Team of India (CERT-In) isthe federal agency to combat cyber attacks to guard the Indian cyber space.
A Home Ministry spokesperson also issued a statement, sayingthe Cyber Coordination Centre (CyCord), under the Ministry of Home Affairs(MHA), has issued an advisory on secure use of Zoom meeting platform by privateindividuals.
This advisory states that the platform is not for use bygovernment officers for official purposes.
The document makes reference to earlier advisories ofCERT-In and states that Zoom is not a safe platform. The guidelines have beenissued to safeguard private individuals who would still like to use theplatform for private purposes.
The broad objective of this advisory is to prevent anyunauthorised entry into a Zoom conference room and prevent the unauthorisedparticipant to carry out malicious attacks on the terminals of other users inthe conference.
It added that the COVID-19 outbreak has led organisations,educational institutions and many others “to incorporate” webconferencing for communication from home to break the chain of the virusspread.
Web conference is a service which enables users to conductmeetings, conferences, presentations, training through the internet withoutbeing physically present at one location.
The facility allows real-time communication and offersstreams of data through text messages, voice and video calls. The federalagency underlined some potent threats in this context and said the attackerscan join a web conference if no password is required to join it or if they getto know the access code and then they can send malicious links in chat toextract information.
It said vulnerabilities of a web conference platform, if notpatched on time, could also allow attackers to exploit the target system.
CERT-In suggested some counter-measures to check theseinstances and install the web conferencing system through a distinguishedvendor, which allows encryption of data and provides intrusion control andpermits non-persistent flow of data.