News for the cybersecurity community during the COVID-19 emergency
Yahoo Finance observes that the S&P 500's coronavirus-driven twenty-percent drop hasn't affected all sectors equally. Some of the sectors hardest hit are those one would expect: hospitality, travel, etc. The tech sector has been more resistant to recession fears, with business software within normal ranges. Two subsectors now perceived as operating essentials, cybersecurity and telework, have actually performed well. Yahoo's examples are Cloudflare (NET) and CrowdStrike (CRWD), respectively up 40% and 16% year-to-date. Among companies whose solutions facilitate teleconferencing, a standout has been Zoom (ZM), whose shareprice has surged 120% so far in 2020. Organizations have found Zoom reliable and easy to use, and those are no small virtues.
Success draws attention, however, for better and for worse. While Zoom has certainly drawn investors' eyes in a good way, it's also attracted the ministrations of white hat researchers, cybercriminals, the plaintiffs' bar, and state attorneys general. The platform's encryption isn't really end-to-end, the Intercept reports. Instead, it uses familiar transport encryption, which gives Zoom itself the potential to access its users' traffic. The FBI's Boston Field Office has issued a detailed warning about the ways in which criminals (conventional criminals out for gain, sleazy hacktivists, and skids out for the lulz) have been able to meddle with Zoom sessions. Check Point describes the ways in which criminals have registered domains that include the name "zoom;" these domains are of course up to no good at all. Zoom was also discovered to have been sharing analytic data with Facebook, a practice Zoom halted after it came to public attention, but not in time to forestall a class action suit under California's Unfair Competition Law, Consumers Legal Remedies Act, and Consumer Privacy Act. And the New York Times reports that all of this news has prompted New York State's Attorney General to ask Zoom for an explanation of its privacy and security policies.
As Internet traffic surges worldwide during this period of stay-at-home and quarantine orders, companies and other organizations continue to offer cybersecurity assistance.