“On the heels of a recent FBI alert on Zoom bombing, federal agencies are warning staff to be on the lookout for signs that their remote collaboration tools are being attacked or compromised by hackers.”
“In an April 3 email obtained by FCW, a divisional CIO at the Department of Health and Human Services notes that the surge of telework among federal agencies following the coronavirus outbreak has created a wide attack surface for malicious third-parties to exploit in numerous ways. The agency warned both employees and contractors that such security concerns go beyond Zoom and other web conferencing software.”
“‘Pay special attention to any voice or video conferencing software or other remote collaboration tools for the duration of the coronavirus pandemic as these present an enticing target for hackers,’ the office wrote.”
“Video teleconferencing services are widely used in healthcare and related industries and a memo flags a number of potential attacks, such as interruption and disruption, using fake web addresses to trick conference attendees into downloading malware and exploiting newly discovered zero-day vulnerabilities.”
“Conference managers were asked to be mindful about who they authorize to attend web meetings, institute controls on who can share their camera, microphone or screen, and configure password protections for all meetings. It also advises against posting about upcoming web meetings on social media or configuring them to be accessible to the public ‘unless necessary.’”
“Other recommendations include restricting physical access to work devices and using separate accounts on personal computers and utilizing root administrative access sparingly. Even with these controls, the office advises employees to operate as if their discussions will reach others…”
“As the use of tools like web conferencing software has exploded over the past month, policymakers are increasingly scrutinizing the security and privacy features put in place by companies…”
“Agencies like the National Institute for Standards and Technology have raced to develop updated guidance to agencies and the private sector for how to conduct their work safely in a remote environment…” Read the full article here.
Source: HHS tech official warns feds, contractors on virtual meeting risks – By Derek B. Johnson, April 6, 2020. FCW.
