CERT mailing list archives

FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 02 Apr 2020 17:19:13 +0000


National Cyber Awareness System:



FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing [ 
https://www.us-cert.gov/ncas/current-activity/2020/04/02/fbi-releases-guidance-defending-against-vtc-hijacking-and-zoom 
] 04/02/2020 11:39 AM EDT 
Original release date: April 2, 2020

The Federal Bureau of Investigation (FBI) has released an article [ 
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
 ] on defending against video-teleconferencing (VTC) hijacking (referred to as Zoom-bombing when attacks target the 
Zoom VTC platform). Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and 
Microsoft Teams, to stay connected during the Coronavirus Disease 2019 (COVID-19) pandemic. The FBI has released this 
guidance in response to an increase in reports of VTC hijacking.

The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review the FBI article as 
well as the following steps to improve VTC cybersecurity:


  * Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting 
room. 
  * Consider security requirements when selecting vendors. For example, if end-to-end encryption is necessary, does the 
vendor offer it? 
  * Ensure VTC software is up to date. See Understanding Patches and Software Updates [ 
https://www.us-cert.gov/ncas/tips/ST04-006 ]. 

CISA also recommends the following VTC cybersecurity resources:


  * FBI Internet Crime Complaint Center (IC3) Alert: Cyber Actors Take Advantage of COVID-19 Pandemic to Exploit 
Increased Use of Virtual Environments [ https://www.ic3.gov/media/2020/200401.aspx ] 
  * Zoom blog on recent cybersecurity measures [ https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/ ] 
  * Microsoft Teams security guide [ https://docs.microsoft.com/en-us/microsoftteams/teams-security-guide ] 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 
