Guidance on Defending Against Video Teleconferencing (VTC) Hijacking and Zoom-bombing
The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as "Zoom-bombing" when attacks are to the Zoom VTC platform). Many organisations and individuals are increasingly dependent on VTC platforms, such as Zoom and Microsoft Teams, to stay connected during the Coronavirus Disease 2019 (COVID-19) pandemic. The FBI has released this guidance in response to an increase in reports of VTC hijacking.
The Cyber Security Authority (CSA) encourages users and administrators to review the FBI Article (Click Here) as well as the following steps to improve VTC cybersecurity:
- Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room.
- Consider security requirements when selecting vendors. For example, if end-to-end encryption is necessary, does the vendor offer it?
- Ensure VTC software is up to date. See Understanding Patches and Software Updates.