
April 01, 2020

OFFICE OF THE CISO


Zoom Boom (Advisory)

In the wake of the COVID-19 pandemic, the usage of the Zoom application as a video conferencing platform has increased exponentially. A significant number of employees currently rely on Zoom for their official meetings and collaboration while working remotely.

Due to Zoom's steep growth and popularity, cybercriminals are using this as an opportunity to further their ulterior motives by:

- Registering new fake "Zoom" domains and malicious "Zoom" executable files in an attempt to trick people into downloading malware onto their devices.
- Joining random Zoom meetings using meeting links (usually shared publicly, i.e. on Twitter, Facebook or WhatsApp groups) with malicious intent. Anyone can join a Zoom meeting as long as they have the meeting link.

For normal users / participants, we suggest keeping in mind the following:

1. Always download authentic Zoom software from https://zoom.us/download for laptops and PCs. For mobile devices, use the Google Play Store (Android) and the Apple App Store (iOS).
2. Ensure that your Zoom application is up to date. Download the new version as soon as it is available.
3. Whenever a meeting invite is shared, double-check that it is from a trusted source (a known user) and that the meeting link is legitimate. Malicious emails can also arrive from spoofed or compromised sources.
4. Be aware of phishing emails that can appear as Zoom invitations.
5. If a hacker gets access to a meeting (usually when the meeting invites are publicly published), they can spread malware by sending files to users through chat. Please be extra vigilant when opening files shared on the Zoom platform.
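The download-source check in point 1 and the link check in point 3 can be automated for mail filtering or helpdesk triage. The following is an added example and not part of the OCISO advisory; it assumes that zoom.us (and its subdomains) is the only trusted domain and uses constructed sample links, not real indicators.

```python
from urllib.parse import urlsplit

# The advisory names https://zoom.us/download as the authentic source, so zoom.us
# and its subdomains (e.g. us02web.zoom.us meeting links) are the only hosts this
# example treats as trusted. This list is an assumption of the example.
TRUSTED_DOMAINS = ("zoom.us",)


def classify_link(url: str) -> str:
    """Return 'trusted', 'insecure', 'lookalike', 'other' or 'invalid'."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "invalid"
    host = parts.hostname.lower().rstrip(".")
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if trusted:
        # A trusted host reached over plain HTTP can be tampered with in transit.
        return "trusted" if parts.scheme == "https" else "insecure"
    # Non-ASCII or punycode labels are the classic homoglyph trick (Cyrillic
    # letters in "zoom.us"), so treat them as lookalikes regardless of spelling.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike"
    # Anything mentioning "zoom" anywhere in the URL (host, userinfo such as
    # zoom.us@evil.example, or path) but not hosted on zoom.us is a lookalike.
    if "zoom" in url.lower():
        return "lookalike"
    return "other"


def triage(links):
    """Map each link to its verdict so a batch of invites can be reviewed at once."""
    return {link: classify_link(link) for link in links}


# Constructed sample links for demonstration only (not real indicators).
SAMPLE_LINKS = [
    "https://zoom.us/download",
    "https://us02web.zoom.us/j/1234567890?pwd=example",
    "http://zoom.us/download",
    "https://zoom-us.com/download",
    "https://zoom.us.evil.example/j/1234567890",
    "https://zoom.us@evil.example/j/1234567890",
    "https://z\u043e\u043em.us/download",  # Cyrillic letters in place of "oo"
    "https://files.example/invoice.pdf",
    "zoom.us/download",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:9s} {link}")
```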
Here are some precautions to take if you are a Zoom meeting host:

1. Prevent unsolicited screen sharing

- Click the arrow next to "Share Screen" in the host controls at the bottom of the Zoom screen.
- Select "Advanced Sharing Options" and make sure the "Who Can Share?" option is set to "Host Only".

2. Control your audience via the waiting room

- This puts all participants in a waiting area before the meeting starts, and you can admit them one by one or all at once. Please ensure that only meeting invitees are admitted.
- You can enable it by going to Account Management > Account Settings > Meeting > Waiting Room.

3. Lock the meeting once it starts

- This option prevents unwanted users from joining a meeting that is already in progress. To enable the lock, click "Manage Participants" at the bottom of the host screen and select "Lock Meeting".

4. Turn off file transfer

- This stops attackers from uploading abusive content through the in-meeting text chat function. Go to Account Management > Account Settings > Meeting > File Transfer.

5. Turn off in-meeting chat

- Restrict participants' ability to chat with one another while your event is going on, and cut back on distractions.
- This is mainly to prevent anyone from receiving unwanted messages during the meeting.

6. Enable your own two-factor authentication

- You don't have to share the actual meeting link.
- Generate a random Meeting ID when scheduling your event and enforce a password for joining.
- Avoid using your Personal Meeting ID (PMI) to host public events.

If you need any other assistance, are unsure about a meeting invite link, or suspect it to be a phishing email, you should:

Always report suspicious emails / incidents to OCISO and IT at the following addresses:

TO: report.phishing@sbp.org.pk
CC: it.helpdesk@sbp.org.pk ; helpdesk@sbp.org.pk

OCISO 24/7 Hotline:

OCISO has set up hotline numbers to report any cybersecurity-related incidents; call anytime:
0300-920 5724, 0331-872 6610
