Virtual meetings continue to attract cyber attackers who use them to distribute ransomware, including GIF-based account takeover attacks. Earlier this week, Zoom agreed to pay $85 million to its users who were victims of bombings. Zoom also pledged to step up its efforts to prevent cyberattackers from spreading malware and account takeover attempts via chat on its platform. The company also promised to implement additional security and privacy policies as part of a legal settlement reached earlier this week. The web continues to be a vulnerable space for cyberattackers and the evolving security of virtual meetings, which has become a need accelerated by the pandemic, has been an easy target.

Before the pandemic hit, many CISOs were wary of early generations of virtual meeting platforms. The ability for cyberattackers to hide malware in HTML, JavaScript and browser code and then launch attacks targeting unsecured endpoints was one of the reasons virtual meeting platforms did not grow faster. before the pandemic. Once an endpoint is compromised, cyber attackers move laterally across a company’s network and launch additional malware attacks or impersonate senior management and defraud the company.

Increasingly sophisticated cyberattacks

The use of GIF images to spread worm-based attacks in Microsoft Teams on corporate accounts shows just how sophisticated these attacks are. Users only had to view the GIF in Teams for their authentication cookie data to be shared with the compromised subdomain. CyberArk’s recent blog post on how cyberattackers successfully used a GIF message to launch a worm-like malware variant into enterprises shows how anyone using Teams and Microsoft-based apps can potentially be vulnerable.

CyberArk’s post provides a timeline of how Microsoft responded quickly to thwart this type of attack and observed that cyberattackers could traverse an organization and gain access to confidential and privileged data. Hacking virtual meetings has become a new way for cyberattackers to reap the benefits of having privileged access credentials without having to steal them first.

The following graphic illustrates how the GIF-based attack works.

Why Remote Browser Isolation Works

What began as a strategy to simultaneously secure and create more collaborative virtual meeting platforms, Zoom and other platform vendors began installing a remote web server on user devices. To their credit, Zoom quickly fixed the issue, while Apple pushed a silent update to their systems to crash Zoom’s server. Zoom has advanced its security since 2019 and will need to improve, given the high cost of this week’s legal settlement. Their timeline reflects the challenges all virtual meeting platforms face in balancing security, speed, and responsive user experience while enabling virtual collaboration. Many companies initially resisted migrating from their old, slow and intuitive teleconferencing systems, given the security risk to Zoom and other platforms.

From the start of the pandemic and up until now, virtual and hybrid teams are flourishing in all organizations, creating a whole new set of security risks for virtual meeting sessions. This makes it harder for CISOs and CIOs to support the growing variety of unmanaged personal devices.

The growth of Remote Browser Isolation (RBI) over the past two years addresses the needs of organizations to bring a zero-trust security-based approach to all web sessions, regardless of location. Zero trust aims to eliminate reliance on trust relationships within a company’s technology stack, as any gap in trust can be a major liability. As a result, it’s an area that’s attracting enterprise cybersecurity vendors like Forcepoint, McAfee and Zscaler who have recently added RBI to their offerings, joining RBI pioneers like Ericom and Authentic8. Among these vendors and many other competing vendors in the RBI market, Ericom is the only one to have successfully developed and delivered a scalable solution that meets the demanding technological challenges of securing virtual meetings on a global scale. She filed a patent application for their innovations in this area.

RBI proves to be a more secure alternative to downloading clients which lack security and can cause software conflicts on endpoints that render them unprotected. RBI works by opening the virtual meeting URL in a remote, isolated container in the cloud. Virtual devices such as a microphone, webcam, or desktop in the container synchronize media streams with endpoint devices.

Only secure rendering data representing isolated users’ media is passed to participant endpoint browsers from the container. Similarly, isolated users only receive secure renditions of media from other participants. The isolated container is destroyed when an active virtual meeting session ends, including all the content it contains. Additionally, policies limit what users can share in virtual meetings via screen shares and chats. No images, video, or audio from meetings are cached in participants’ browsers, so they cannot be retrieved and reviewed after the meeting or shared. The solution also prevents malicious session recording enabled by malware.

Turning a cautionary tale into a proactive strategy

Virtual meetings allow teams to collaborate, create and complete complex tasks together. CIOs and CISOs who enable the underlying virtual meeting technologies must remain alert to the security risks of downloadable clients of virtual meeting platforms. Until now, there was no reliable way to secure them. While a lesson from the past, Zoom’s decision to load web servers onto users’ systems is a cautionary tale that every CIO I know is still talking about when virtual meeting platforms come in. in conversation.

RBI has the ability to isolate virtual meetings, which can alleviate the concerns of CIOs and CISOs who want a solution that can scale on unmanaged devices. Endpoint security has advanced rapidly during the pandemic alongside RBI, as organizations adopt a zero-trust-plus-trust strategy to protect every threat surface and reduce business risk. Therefore, securing virtual meetings becomes the core of a strong enterprise endpoint security strategy.