CISA, FBI Highlight Russian Hacker Actions to Exploit Multifactor Authentication Vulnerability
The FBI and the Cybersecurity and Infrastructure Security Agency have warned organizations about the ability of Russian state-sponsored cyber actors to gain network access by exploiting default multifactor authentication protocols.
According to a joint cybersecurity advisory, state-sponsored hacking groups would exploit a misconfigured account to set default MFA protocols at a non-government organization and access the victim’s network. The hackers would then exploit the PrintNightmare vulnerability in Windows Print Spooler to run code with system privileges and ultimately access cloud and email accounts for document exfiltration, CISA said Tuesday.
The advisory lists indicators of compromise and hacker tactics and procedures that organizations could look at to determine if they have been affected by the attacks. It also contains mitigation recommendations to keep entities protected from potential hacks.
CISA recommended that organizations apply MFA for all users, implement timeout and lockout features, disable inactive accounts, prioritize vulnerability patching when upgrading software, monitor network logs for suspicious activity and implement security alerting policies.
CISA Director Jen Easterly, a 2022 Wash100 winner, said entities must be on high alert at all times against cyber intrusions, and they must apply MFA and other mitigation recommendations to keep out cyber actors. Bryan Vorndran, assistant director of the FBI Cyber Division, urged organizations that may have been affected by the hacks to report to the bureau and CISA to allow them to act accordingly.
System administrators can check CISA’s Shields Up webpage to look for new services, resources and tips to protect critical assets.