Platform Security Briefing — FBI warns of teleconferencing hijacking during COVID-19 shift
The FBI’s 30 March 2020 PSA highlights wave of teleconference hijacking; organizations need enforced meeting controls, user education, and monitoring to stop uninvited participants and limit data leakage.
Executive briefing: The FBI issued a public service announcement on after a spike in teleconference hijacking and disruptive content during the COVID-19 shift to remote work and online learning. The bureau urged hosts to lock down meeting settings, validate attendees, and avoid publishing meeting links publicly.
Validated sources
- FBI PSA outlining recent incidents and immediate configuration steps for Zoom, Teams, Webex, and similar platforms.
- DOJ/FBI guidance on video-teleconferencing security providing host hardening tips and incident reporting channels.
Control mappings
- CIS Controls v8 4.6 & 14.8: Manage access to collaboration services and train users to recognize social engineering that exposes meeting IDs or passcodes.
- NIST SP 800-53 Rev.5 AC-17 & SI-4: Enforce secure remote access configurations and monitor conferencing services for anomalous logins or screen-share attempts.
- ISO/IEC 27001:2022 Annex A.8.28: Require secure configuration of SaaS collaboration tools with documented defaults and periodic review.
Implementation checklist
- Set meeting passwords by default, disable join-before-host, and restrict screen sharing to hosts or authorized presenters.
- Use waiting rooms/lobbies and authenticated attendee lists; disable anonymous dial-in numbers unless required and documented.
- Rotate meeting IDs for external sessions, avoid posting links on public websites, and route invitations through calendar systems with enforced attendee lists.
- Enable recording notices and retention policies; restrict recording downloads and verify storage encryption.
- Publish a rapid takedown and reporting path so hosts can expel disruptors, lock meetings, and notify security teams for evidence preservation.
Security configuration deep dive
- Create baseline templates per platform that disable file transfer, restrict third-party app integrations, and enforce watermarking for sensitive meetings.
- Enable SSO with MFA for hosts and presenters; require re-authentication before screen sharing or recording to reduce session hijack risk.
- Map data residency and retention settings to your classification policy; ensure transcripts and cloud recordings inherit the correct lifecycle.
- Document escalation paths to legal and communications teams so rapid takedowns align with incident-response and evidence preservation requirements.
Detection and response
- Collect admin and access logs into your SIEM; alert on failed password attempts, repeated lobby rejections, and screen-share activations in sensitive meetings.
- Establish an abuse desk for external participants to report malicious behavior, and verify that tickets create an incident with severity tiers.
- Review support tickets weekly to identify recurring configuration gaps, then update training materials and templates accordingly.
- Test account recovery and host-transfer procedures so meetings can proceed if a host is removed or locked out during an incident.