How remote browser isolation can shut down virtual meeting hijackers

We’re excited to bring Transform 2022 back to life on July 19th and virtually July 20-28. Join AI and data leaders for sensible conversations and exciting networking opportunities. Register today!


Virtual meetings continue to attract cyber attackers who use it to distribute ransomware, including GIF-based account takeover attacks. Earlier this week, Zoom agreed to pay $ 85 million to its users who have been the victims of zoom bombing. Zoom is also committed to stepping up efforts to prevent cyber attackers from distributing malware and account takeover attempts via chat on its platform. The company also promised to implement additional security and privacy policies as part of a legal settlement that was reached earlier this week. The web is becoming an easy target for cyber attackers and the evolving security of virtual meetings, which has become an urgent need due to the epidemic.

Before the onset of the epidemic, many CISOs were wary of the first generations of virtual meeting platforms. The potential for cyber attackers to hide malware in HTML, JavaScript and browser code and then launch attacks targeting insecure endpoints was one of the reasons why virtual meeting platforms did not grow rapidly before the epidemic. Once the endpoint is compromised, the cyber attackers hack back into the enterprise’s network and launch additional malware attacks or pretend to be senior management and defraud the company.

Cyber ​​attacks are becoming more sophisticated

The use of GIF images to transmit worm-based attacks to corporate accounts in the Microsoft team shows just how sophisticated these attacks are. Users only had to view the GIF in the team to share their authentication cookie data with the compromised subdomain. CyberArc’s latest blog post on how cyber attackers successfully used GIF messages to launch worm-like malware variants through enterprises shows how sensitive teams and anyone using a Microsoft-based application could potentially be.

CyberArk’s post provides a timeline of how Microsoft reacted quickly to thwarting such attacks and observed that cyber attackers could cross the line and gain access to confidential, privileged data. Hacking into virtual meetings has become a new way for cyber attackers to take advantage of having privileged access credentials without first stealing them.

The following graphic shows how a GIF-based attack works.

The clever use of GIFs by cyber attackers to carry out worm-like attacks on an enterprise by Microsoft teams shows how much effort bad actors will put into incorporating virtual meeting platforms for profit.  Source: Beware of CyberArch, GIF: Account takeover vulnerabilities in Microsoft teams
The clever use of GIFs by cyber attackers to carry out worm-like attacks on an enterprise by Microsoft teams shows how much effort bad actors will put into incorporating virtual meeting platforms for profit. Source: Beware of CyberArk, GIF: Account takeover vulnerabilities in Microsoft teams

Why Remote Browser Isolation Works

What started as a strategy to secure and create a more collaborative virtual meeting platform together, Zoom and other platform providers began installing remote web servers on users’ devices. To their credit, Zoom quickly fixed the issue, while Apple forced a silent update on their systems to block Zoom’s servers. Zoom has made progress on its security since 2019 and will need to improve this week given the high cost of legal settlement. Their timeline reflects the challenges faced by all virtual meeting platforms in balancing security, speed and user experience response while enabling virtual collaboration. Given the security risks to Zoom and other platforms, many enterprises initially resisted relocating their legacy teleconferencing systems, as slow and intuitive as they were.

Since the epidemic began and continues now, virtual and hybrid teams are evolving across all organizations, creating a whole new range of security risks for virtual meeting sessions. It challenges the jobs of CISOs and CIOs to support the expanding variety of personalized, messy devices.

The growth of Remote Browser Isolation (RBI) over the last two years is in response to the need for organizations to bring a more zero trust security-based approach to all web sessions, no matter where they are located. Zero trust looks to eliminate dependence on trust relationships on the enterprise’s tech stack – as any trust gap can be a major liability. As a result, it is an area that attracts enterprise cyber security providers such as ForcePoint, McAfee and Zuskler, who recently added RBI to their offerings, joining RBI leaders such as Aircom and Authentic 8. Of these and many other competing vendors in the RBI market, Ericom is the only one that has successfully developed and delivered a scalable solution that meets the technological challenges demanding to secure virtual meetings globally. He has applied for a patent for his innovations in this field.

RBI is proving to be a more secure option for downloading clients that lack security and can cause software conflicts at endpoints that make them insecure. RBI works by opening a virtual meeting URL in a remote, isolated container in the cloud. Inside the container, virtual devices such as microphones, webcams or desktops synchronize media streams with endpoint devices.

Only secure rendering data representing isolated users ‘media is streamed from the container to participants’ endpoint browsers. Isolated users similarly receive only secure rendering of media arising from other participants. When the active virtual meeting session ends, the separate container is destroyed, including all the contents. In addition, the policies prohibit what users can share in virtual meetings through screen sharing and chats. No images, video or audio of the meeting are cached in the participants’ browsers, so it cannot be retrieved or examined after the meeting or shared. The solution also prevents illegal recording of malware-enabled sessions.

Adopting a zero-confidence approach to managing each virtual meeting session reduces risk levels and breach attempts that could potentially change.  Ericom's RBI-based virtual meeting isolation demonstrates the possibility of using a zero-trust-based approach to securing virtual meetings.
Adopting a zero-confidence approach to managing each virtual meeting session reduces risk levels and breach attempts that could potentially change. Ericom’s RBI-based virtual meeting isolation demonstrates the possibility of using a zero-trust-based approach to securing virtual meetings.,

Turning a cautious story into an active strategy

Virtual meetings keep teams collaborating, creating and completing complex tasks. CIOs and CISOs that enable built-in virtual meeting technologies should be aware of the security risks to downloadable clients of virtual meeting platforms. So far, there is no reliable way to protect them. Despite a lesson from the past, Zoom’s decision to load web servers on users’ systems is a cautious story that I know every CIO still talks about when virtual meeting platforms come into the conversation.

The RBI has the ability to isolate virtual meetings which can alleviate the concerns of CIOs and CISOs who want a solution that can scale into messy devices. Endpoint security has progressed rapidly during the RBI’s parallel epidemic, as organizations adopt more zero-confidence strategies to protect every hazardous surface and reduce enterprise risk. As a result, securing virtual meetings is becoming key to a solid enterprise endpoint security strategy.

Venturebeat’s mission Transformative Enterprise is about to become a digital town square for technology decision makers to gain knowledge about technology and transactions. Learn more about membership.

Similar Posts

Leave a Reply

Your email address will not be published.