Question

When looking at the threat landscape, there are different types adversaries and they pose different types of threats depending on their capabilities, intentions, and the assets they are targeting. For example, nation states might target research companies or military websites trying to steal confidential and proprietary data. In addition, companies react to the loss of assets differently. The level and types of mitigation strategies will vary among organizations depending on whether there is a loss of one asset or of an entire category of assets.

For your initial post, identify a recent cybersecurity incident (within the last two years). Briefly summarize the incident, and post a link to an article on the incident if possible. Try to identify the threat actor(s) and the goal or intent of the attack. If there is no "why" put on your adversarial thinking cap and hypothesize what you think is the "why".

Answer 1

A recent cyber security incident which took place in the month of April 2020 was Zoom app bombing. Zoom app is a vedio conferencing platform for meetings, taking classes for schools and colleges and even used for conducting social gathering.

1. Cyber security agency cautioned against the cyber vulnarability of Zoom app.  Many cyber crimainals were accessing the sensitive informations of the meeting such as meeeting details, their conversations, and even taking snaps. Hackers started using webcam, microphone security to take data like passwords, emails or device information and started to exploit these. Zoom started facing Zoombombing and other privacy issued from different parts of the world. Online hacking of Zoom meet by replacing the Zoom video feed with worst languages, bad vedios and symbols etc.This app has been banned over concerns of security issues and spying. Even Google banned this app for its employees. Many schools and colleges also stopped using this app because of the security threats.

2. In the begining stages of Zoom, they provided end to end encyption facility to both paid and free users. Later they gave this feature only to paid users. So many issues arises regarding the security and privacy of Zoom. So again they took the decision to make E2E common for all the users of ZOOM. By April 2020 Zoom 5.0 was released and in the month of May all updated to the new version. The new version provides greater security and privacy host controls. Zoom came with many new featurs like waiting room facility, host should join first, locking the meeting facility, host can record the meeting and lots more.  

3. There were a lot of holes in the security of Zoom. Zoom was having a privacy policy that has the right to do whatever it eanted with user's personal data and its encyption. This creates a bad impact on Zoom. The chat function in Zoom meetinf also faces serious consequences regarding security. Zoom did not validate the contents of shared compressed files lik .zip files. Because of the lack of end to end encrption, hackers were able to post contents on the user screen during meeting. This is due to the laack of multi factor authentication.

4. Its better to join Zoom meetings through webbrowser rather than using Zoom desktop software. Needs many updates on this app to avoid hacking. Some security loop holes are there for attackers to hack this app and this should be blocked.