National Cyber Emergency Response Team has issued a fresh advisory warning users and organizations about the growing cyber threats targeting widely used video conferencing platforms, including Zoom and Google Meet. The advisory comes amid continued reliance on online meeting applications for government, business, and personal communication, highlighting how increased usage has also expanded the attack surface for cyber actors seeking to exploit weak security practices.
According to National CERT, the surge in virtual meetings has been accompanied by a rise in cyber incidents such as unauthorized access to meetings, account takeovers, and exposure of sensitive data. The advisory stated that video conferencing platforms configured without appropriate security controls remain vulnerable to hacking attempts, data theft, service disruption, and attacks on users’ devices. It warned that threat actors are actively targeting poorly secured sessions and user accounts to gain unauthorized entry, monitor conversations, or disrupt meetings. Such activity poses risks not only to individual users but also to organizations that discuss confidential information or access internal systems through these platforms.
The advisory specifically highlighted the increasing prevalence of unauthorized meeting intrusions, commonly referred to as Zoom bombing. National CERT explained that attackers exploit weak meeting configurations, publicly shared links, or predictable meeting identifiers to enter private sessions without permission. These intrusions can expose confidential discussions, sensitive business or government data, and connected organizational systems to risk. The advisory noted that successful attacks may result in unauthorized participants joining meetings, leakage or theft of information, disruption of services through denial of service activity, and misuse of platform management tools and administrative interfaces. Such incidents can undermine trust in online collaboration tools and potentially cause reputational and operational damage.
To reduce exposure to these threats, National CERT recommended adopting stricter meeting security practices. Users and organizations were advised to share meeting links only through secure communication channels and to issue meeting IDs shortly before sessions begin to limit unauthorized access. The advisory also encouraged enabling waiting room features, locking meetings once all expected participants have joined, and restricting screen sharing privileges to hosts by default. Treating meeting links with the same level of sensitivity as login credentials was emphasized as a key step in preventing misuse. National CERT further urged users to ensure that devices used for video conferencing are protected through regular software and operating system updates to reduce vulnerabilities that could be exploited during online sessions.
Beyond individual precautions, the advisory underscored the importance of stronger organizational security controls. National CERT highlighted the need for layered security measures, including network segmentation, intrusion detection systems, and continuous monitoring of network activity associated with video conferencing platforms. Organizations were encouraged to maintain visibility over access logs and system behavior to identify suspicious activity early. In the event of a suspected incident, the advisory recommended immediately removing unauthorized participants, reporting the issue through appropriate channels, reviewing system logs for indicators of compromise, and ensuring that secure data backups are available to support recovery efforts. National CERT stated that the advisory is intended to support government departments, businesses, and individual users in reducing cyber risks as dependence on online meeting platforms continues to expand across sectors.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
