FBI warns of video-teleconferencing hijacking “Zoom-bombing”

FBI warns of video-teleconferencing hijacking "Zoom-bombing"

As the COVID-19 crisis continues to spread, larger numbers of enterprises and learning organizations are moving meetings and classrooms online via video-teleconferencing (VTC) platforms. The FBI has issued a new warning of recent VTC attacks and also offered guidance on how to better security VTC platforms.

The Federal Bureau of Investigation (FBI) has released a new article that highlights two recent VTC-related cyberattacks against Massachusetts-based schools.

In the first incident, a teacher in a Massachusetts high school was conducting an online class in late March when an unauthorized actor joined the class. The actor proceeded to yell out profanity and the teacher’s home address.

In a second incident, an unidentified person joined a Massachusetts school video conference meeting and proceeded to display swastika tattoos.

These are just two examples of VTC hijacking (aka “Zoom-bombing”) that are emerging nationwide.

FBI VTC guidance

The FBI says these threats highlight the need to exercise due diligence in your cybersecurity efforts.

The FBI offered these good guidelines to combat VTC-related threats:

  1. Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  2. Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  3. Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  4. Ensure users are using the updated version of remote access/meeting applications.
  5. Last, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Last October, researchers had discovered attackers can exploit a “Prying-Eye vulnerability” in Webex Meetings API calls to enumerate Webex meeting numbers.

To add, attackers could also launch similar “enumeration attacks” against Zoom platform for ongoing or future meetings.

Both Cisco and Zoom each offered password security guidance to prevent attacker snooping.

Finally, Zoom also published an account setting update “Password Default for Meeting and Webinar.”

As part of the update last October, Zoom added three new “require a password” settings — when scheduling meetings, for instant meetings and for Personal Meeting ID (PMI).

Related Articles