FBI warns of teleconferencing hijacking during COVID-19 shift

Overview

The FBI issued a public service announcement on 30 March 2020 warning of teleconference hijacking incidents targeting organizations transitioning to remote work during COVID-19. The "Zoombombing" phenomenon emerged as bad actors exploited insecure meeting configurations to disrupt business meetings, online classrooms, and public events with offensive content.

threat environment and Attack Methods

Teleconference hijacking attacks typically exploit several common vulnerabilities:

• Public meeting links: Organizations posting meeting URLs on public websites, social media, or widely-distributed communications enable uninvited access.
• Default configurations: Many platforms shipped with insecure defaults—no passwords, screen sharing enabled for all participants, and disabled waiting rooms.
• Meeting ID enumeration: Fixed or predictable meeting IDs allow attackers to guess valid sessions through automated scanning.
• Social engineering: Attackers obtain meeting credentials through phishing emails, compromised calendars, or insider sharing.

Reported incidents ranged from disruptive trolling (offensive images, profanity) to more serious intrusions involving hate speech, threats, and attempts to harvest participant information. Educational institutions faced particular targeting as classes moved online.

Platform-Specific Hardening

Each major teleconferencing platform requires specific configuration attention:

Zoom: Enable waiting rooms, require meeting passwords, disable join-before-host, restrict screen sharing to host-only, and disable file transfer. Consider disabling private chat and remote control features for sensitive meetings.

Microsoft Teams: Configure lobby settings, disable anonymous join for meetings, restrict presenter privileges, and enable meeting recording notifications. Use Teams governance policies at the organizational level.

Webex: Require passwords, enable lobby, restrict content sharing, and configure automatic lock after meeting starts. Review personal room settings which may have weaker defaults.

Google Meet: Use calendar-based meetings with guest verification, enable knock-to-enter, and restrict recording permissions. Enterprise editions offer additional controls.

Enterprise Governance Framework

If you are affected, establish governance frameworks for teleconferencing platforms:

• Define approved platforms and prohibited services based on security capabilities and compliance requirements.
• Create standardized meeting templates with security-appropriate defaults for different meeting sensitivity levels.
• Require SSO authentication with MFA for host accounts to prevent credential-based hijacking.
• Establish data residency and retention policies aligned with regulatory requirements.
• Document escalation procedures for in-meeting disruptions including participant removal and evidence preservation.

User Training and Awareness

Technical controls require complementary user education:

• Train hosts on secure meeting setup, participant management, and incident response procedures.
• Educate users about risks of sharing meeting links on social media or public channels.
• Establish reporting channels for suspected hijacking attempts or security concerns.
• Conduct periodic phishing simulations targeting meeting credentials.

Incident Response Procedures

If you are affected, develop teleconferencing-specific incident response procedures:

• Empower hosts to immediately remove disruptive participants and lock meetings.
• Preserve meeting recordings, chat logs, and participant lists for investigation.
• Report serious incidents to the FBI's Internet Crime Complaint Center (IC3) and platform vendors.
• Conduct post-incident review to identify configuration gaps enabling the intrusion.

Monitoring and Detection

Your security team should implement monitoring for teleconferencing platform abuse. Collect administrative logs into SIEM systems and alert on anomalous patterns including multiple failed join attempts, unexpected geographic locations, and unusual participant counts. Regular review of meeting security configurations ensures standards compliance across the organization.

Step-by-step guidance

Successful implementation requires a structured approach that addresses technical, operational, and organizational considerations. Organizations should establish dedicated implementation teams with clear responsibilities and sufficient authority to drive necessary changes across the enterprise.

Project governance should include regular status reviews, risk assessments, and stakeholder communications. Executive sponsorship is essential for securing resources and removing organizational barriers that might impede progress.

Change management practices help ensure smooth transitions and stakeholder acceptance. Training programs, communication plans, and feedback mechanisms all contribute to effective change management outcomes.

Verification steps

Compliance verification involves systematic evaluation of implemented controls against applicable requirements. Organizations should establish verification procedures that provide objective evidence of compliance status and identify areas requiring remediation.

Internal audit functions play an important role in providing independent assurance over compliance activities. Audit plans should incorporate risk-based prioritization and coordination with external audit requirements where applicable.

Continuous compliance monitoring capabilities enable early detection of control failures or compliance drift. Automated monitoring tools can provide real-time visibility into compliance status across multiple control domains.

Vendor considerations

Third-party relationships require careful management to ensure compliance obligations are properly addressed throughout the vendor ecosystem. Due diligence procedures should evaluate vendor compliance capabilities before engagement.

Contractual provisions should clearly allocate compliance responsibilities and establish appropriate oversight mechanisms. Service level agreements should address compliance-relevant performance metrics and reporting requirements.

Ongoing vendor monitoring ensures continued compliance throughout the relationship lifecycle. Periodic assessments, audit rights, and incident response procedures all contribute to effective third-party risk management.

Planning considerations

Strategic alignment ensures that compliance initiatives support broader organizational objectives while addressing regulatory requirements. Leadership should evaluate how this development affects competitive positioning, operational efficiency, and stakeholder relationships.

Resource planning should account for both immediate implementation needs and ongoing operational requirements. Organizations should develop realistic timelines that balance urgency with practical constraints on resource availability and organizational capacity for change.

Tracking performance

Effective monitoring programs provide visibility into compliance status and control effectiveness. Key performance indicators should be established for critical control areas, with regular reporting to appropriate stakeholders.

Metrics should address both compliance outcomes and process efficiency, enabling continuous improvement of compliance operations. Trend analysis helps identify emerging issues and evaluate the impact of improvement initiatives.

Summary and next steps

Organizations should prioritize assessment of their current posture against the requirements outlined above and develop actionable plans to address identified gaps. Regular progress reviews and stakeholder communications help maintain momentum and accountability throughout the implementation journey.

Continued engagement with industry peers, professional associations, and regulatory bodies provides valuable opportunities for knowledge sharing and influence on future policy developments. Organizations that address emerging requirements position themselves favorably relative to competitors and build stakeholder confidence.

Governance structure

Effective governance ensures appropriate oversight of compliance activities and timely escalation of significant issues. Organizations should establish clear roles, responsibilities, and accountability structures that align with their compliance objectives and risk appetite.

Regular reporting to senior leadership and board-level committees provides visibility into compliance status and supports informed decision-making about resource allocation and risk management priorities.

Ongoing improvement

Compliance programs should incorporate mechanisms for continuous improvement based on lessons learned, emerging best practices, and evolving requirements. Regular program assessments help identify enhancement opportunities and ensure sustained effectiveness over time.

Organizations that approach this development strategically, with appropriate attention to governance, risk management, and operational excellence, will be well-positioned to achieve compliance objectives while supporting broader business goals.

More on this topic

Further reading from our research library.

Cybersecurity · Credibility 91/100 · March 30, 2020

FBI FLASH warns of Kwampirs supply-chain intrusions

The FBI issued a FLASH alert about the Kwampirs remote-access Trojan targeting supply-chain and healthcare networks, urging organizations to hunt for indicators, tighten remote access, and segment critical systems.

Cybersecurity · Credibility 73/100 · March 31, 2020

Firefox 74.0.1 fixes in-the-wild zero-days (CVE-2020-6819/6820)

Mozilla emergency-patched Firefox 74.0.1 and ESR 68.6.1 on March 31, 2020. Two critical use-after-free bugs were being exploited in the wild. If you are managing Firefox deployments, push this update immediately.

Cybersecurity · Credibility 73/100 · April 2, 2020

FBI and CISA issue videoconferencing hijacking guidance

A joint FBI and CISA advisory on April 2, 2020 warned organizations to harden videoconferencing settings after hijacking incidents, recommending passwords, waiting rooms, and restricted sharing to protect remote classes…

Cybersecurity · Credibility 91/100 · March 24, 2020

Cybersecurity — Apple

Apple released macOS Catalina 10.15.4 and Security Update 2020-002 for Mojave and High Sierra, patching actively exploited WebKit flaws and other kernel and mail vulnerabilities.

Cybersecurity · Credibility 86/100 · March 23, 2020

Microsoft warns of Type 1 Font parsing zero-day (ADV200006)

Microsoft’s ADV200006 advisory warns of two Type 1 font parsing RCEs (CVE-2020-1020, CVE-2020-0938) exploited in the wild, requiring immediate patching, EMET-style mitigations, and hardened document-handling controls to…

Continue in the Cybersecurity pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Cybersecurity Operations Playbook

  Use our research to align NIST CSF 2.0, CISA KEV deadlines, and sector mandates across threat intelligence, exposure management, and incident response teams.

• Network Security Fundamentals Explained Practically

  A practitioner-focused guide to network security fundamentals covering firewalls, segmentation, IDS/IPS, DNS security, VPNs, wireless security, zero trust architecture, and traffic…

• Small Business Cybersecurity Survival Checklist

  A budget-conscious cybersecurity checklist built specifically for small businesses. This guide covers foundational security policies, network hardening, employee training, phishing…

Coverage intelligence

Published

March 30, 2020

Coverage pillar

Cybersecurity

Source credibility

86/100 — high confidence

Topics

Remote work · Teleconferencing security · Incident prevention

Sources cited

3 sources (fbi.gov, justice.gov, iso.org)

Reading time

5 min

Source material

1. FBI warns of teleconferencing and online classroom hijacking — Federal Bureau of Investigation
2. Department of Justice / FBI guidance on video-teleconferencing security — U.S. Department of Justice
3. ISO/IEC 27001:2022 — Information Security Management Systems — International Organization for Standardization