Original Release Date: 2020-04-03
As many citizens transition to teleworking and home education due to COVID-19, multiple video-teleconferencing (VTC) platforms have become targets for threat actors. The FBI Boston Division stated that it has received multiple reports of conferences and virtual classrooms being disrupted by pornographic and/or hate images and threatening language. This type of attack is referred to as VTC hijacking or Zoom-bombing. Additionally, Zoom does not incorporate end-to-end encryption and recently suffered security incidents. Some steps that can be taken to mitigate VTC hijacking include ensuring meetings and classrooms are private, avoiding publicly posting a teleconference link, and using updated versions of the applications. Furthermore, care should be taken when discussing sensitive information.
The NJCCIC recommends users of VTC platforms review the best practices provided in the Bleeping Computer article. Additional resources can be found in the CIS Security blog post.