John Pescatore - SANS Director of Emerging Security Trends
It Is Time for a Web Conferencing Security Checkup.
This week's Drilldown will focus on one item (included below) from NewsBites Issue 92, which reported on vulnerabilities in Cisco's Webex teleconferencing/collaboration software that require patches.
Most of the world is seeing rising rates of coronavirus infection, attributed to pandemic fatigue where people and organizations are less vigilant in following many of the safety measures that are critical to stopping the spread of the virus. Work-from-home security fatigue is likely happening at many organizations, as well.
Many weeks I find myself completely filling in my "web conferencing Bingo card," where in one week (or sometimes in one day) I will do calls on Zoom, Webex, GoToMeeting, Microsoft Teams and Google Meet--and occasional others I had never heard of until recently. Web-based work meetings have become routine for a lot of people, and it is natural that complacency will set in.
This is especially likely because after the initial rush of publicity around "Zoom-bombing" and the like, there have been very few reports of security incidents related to web conferencing. But we really don't want the security incident curve to look like the COVID-19 infection curve!
So now (or after the Thanksgiving holiday for companies observing that holiday) is a good time to take some proactive steps:
- Freshen up your user education awareness outreach, especially if the web conferencing content had only focused on one of the web conferencing applications.
- Check the patch levels of all PCs and servers and get them up to date, especially VPN servers and clients.
- Take a look at the CIS Videoconferencing Security Guide and the updated NSA Selecting and Safely Using Collaboration Services for Telework guide.
- Prioritize development of a data discovery and security architecture and program for 2021.
Bottom line: Pandemic fatigue is real and impacts cybersecurity, too. We know what happens when emergency departments exceed capacity. Take proactive steps to ensure that your incident response capabilities don't come close to reaching that point.
Cisco Webex Flaws Could be Exploited to Join Meetings Surreptitiously
(November 18 and 19, 2020)
Three vulnerabilities in Cisco's Webex video conferencing application could be exploited for individuals to join meetings as ghost users, who are able to listen in without the knowledge of other meeting participants or the host. An attacker could exploit one of the flaws to access the names, email addresses and IP addresses of meeting participants. Another flaw that could be exploited allows users to remain in a meeting even after being dismissed by the host. Cisco has released updates to address the vulnerabilities.
[Pescatore] In the 2020 SANS Top New Attacks and Threat Report, Johannes Ullrich pointed out the risk of vulnerabilities in the numerous "persistent and promiscuous web agents" in use for applications such as Webex, Zoom and others. The Center for Internet Security recently released a good security guide for videoconferencing systems.
[Neely] Cisco patched its cloud-based servers. You need to patch or update on-premises Cisco Webex Meetings Server 3.0M3 Security Patch 4 and earlier, 4.0MR3 Security Patch 3 and earlier, and mobile versions prior to 40.10.9.
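As an added example (not code from the NewsBites item or from Cisco), the following encodes the release thresholds Neely lists so that a host inventory can be screened for on-premises Webex Meetings Server and mobile client versions that are still in the affected ranges. The version-string format, the reading of "3.0M3" as maintenance release 3 (written "MR3" for the 4.0 train), and the sample inventory are assumptions; any train the item does not mention is reported as "not covered" rather than guessed at.

```python
import re
from typing import List, Optional, Tuple

# Thresholds as stated in the NewsBites item, keyed by release train
# (major, minor) -> (maintenance release, security patch); releases at or
# below these are listed as affected. Constructed from the text, not from an advisory feed.
SERVER_AFFECTED_MAX = {
    (3, 0): (3, 4),   # "3.0M3 Security Patch 4 and earlier" (M3 assumed to mean MR3)
    (4, 0): (3, 3),   # "4.0MR3 Security Patch 3 and earlier"
}
MOBILE_FIXED = (40, 10, 9)  # "mobile versions prior to 40.10.9" are affected

# Accepts "3.0MR3 Security Patch 4" and the page's "3.0M3 ..." spelling alike (assumed format).
SERVER_RE = re.compile(r"^(\d+)\.(\d+)\s*MR?(\d+)(?:\s*Security Patch\s*(\d+))?$", re.I)


def parse_server_version(s: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, maintenance release, security patch); missing patch counts as 0."""
    m = SERVER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Webex Meetings Server version: {s!r}")
    major, minor, mr, sp = m.groups()
    return int(major), int(minor), int(mr), int(sp or 0)


def server_needs_update(s: str) -> Optional[bool]:
    """True if affected, False if at or past the fix, None if the train is not covered by the item."""
    major, minor, mr, sp = parse_server_version(s)
    limit = SERVER_AFFECTED_MAX.get((major, minor))
    if limit is None:
        return None  # not listed; check the vendor advisory rather than assume
    return (mr, sp) <= limit


def mobile_needs_update(s: str) -> bool:
    """True if the dotted mobile version sorts before the first fixed release."""
    parts = tuple(int(p) for p in s.strip().split("."))
    parts = parts + (0,) * (3 - len(parts))  # pad "40.10" to "40.10.0"
    return parts < MOBILE_FIXED


def audit(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the names of inventory entries whose recorded version is in an affected range."""
    flagged = []
    for host, kind, version in inventory:
        needs = server_needs_update(version) if kind == "server" else mobile_needs_update(version)
        if needs:  # None (not covered) is deliberately not flagged
            flagged.append(host)
    return flagged


# Constructed sample inventory for illustration; not real hosts.
SAMPLE_INVENTORY = [
    ("cwms-01", "server", "3.0MR3 Security Patch 4"),  # affected
    ("cwms-02", "server", "3.0MR3 Security Patch 5"),  # patched
    ("cwms-03", "server", "4.0MR2 Security Patch 9"),  # earlier maintenance release, affected
    ("phone-07", "mobile", "40.9.2"),                   # affected
    ("phone-08", "mobile", "40.10.9"),                  # first fixed version
]
```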