
The Cybersecurity and Infrastructure Security Agency (CISA) is strongly encouraging businesses and organizations to improve the security of their Microsoft environment, starting with Microsoft Intune.
- CISA warns organizations to urgently strengthen Microsoft Intune security after hackers used it to wipe corporate systems at scale.
- Iranian-linked hacktivist group Handala claims responsibility, alleging they wiped 200,000+ systems and stole 50TB of data in retaliation for an attack on a school.
- Microsoft recommends three security measures: least-privilege admin roles, phishing-resistant authentication, and multi-admin approval for sensitive changes.
Microsoft Intune is a cloud-based tool that allows organizations to remotely manage their endpoints at scale, such as smartphones and laptops. If hackers gain access to Microsoft Intune, they can execute a so-called wipe command on corporate systems, deleting all data.
Recently, Microsoft released a best-practices guide for securing Microsoft Intune. Basically, the Redmond-based tech company mentions three approaches to strengthen Microsoft Intune:
- Designing roles around admin jobs according to the least-privilege principle
- Embracing phishing-resistant authentication
- Enabling multi-admin approval for sensitive changes
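As an added example, not from the article or from Microsoft's guidance, the following script shows one defender-side check for the wipe-at-scale scenario described above: it scans Intune audit events and flags any admin identity that issued a burst of wipe actions inside a short window. The event field names approximate the Microsoft Graph `auditEvent` resource, and the sample records are constructed, not real.

```python
"""Flag admin identities that issue bursts of Intune remote-wipe actions.

Added example; not code from the article or from Microsoft. Event shape
loosely follows the Microsoft Graph `auditEvent` resource (activityType,
actor.userPrincipalName, activityDateTime). Sample data is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: admin-a issues five wipes in four minutes plus one
# unrelated config change; admin-b issues a single wipe two hours later.
SAMPLE_EVENTS = json.dumps(
    [{"activityType": "wipe ManagedDevice",
      "activityDateTime": f"2024-01-01T10:0{i}:00Z",
      "actor": {"userPrincipalName": "admin-a@example.com"}} for i in range(5)]
    + [{"activityType": "wipe ManagedDevice",
        "activityDateTime": "2024-01-01T12:00:00Z",
        "actor": {"userPrincipalName": "admin-b@example.com"}},
       {"activityType": "patch DeviceConfiguration",
        "activityDateTime": "2024-01-01T10:01:00Z",
        "actor": {"userPrincipalName": "admin-a@example.com"}}]
)


def parse_time(value: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing 'Z' (UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def bulk_wipe_actors(events_json: str, threshold: int = 3,
                     window_minutes: int = 10) -> dict:
    """Return {actor: max wipes in any window} for actors at/over threshold."""
    window = timedelta(minutes=window_minutes)
    wipes = defaultdict(list)
    for ev in json.loads(events_json):
        if "wipe" not in ev.get("activityType", "").lower():
            continue  # only remote-wipe activity is of interest here
        actor = ev.get("actor", {}).get("userPrincipalName", "<unknown>")
        wipes[actor].append(parse_time(ev["activityDateTime"]))
    flagged = {}
    for actor, times in wipes.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[actor] = best
    return flagged
```

A single wipe is routine; the point is the rate per identity, so tune `threshold` and `window_minutes` to the organization's normal device-retirement volume.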
The immediate cause for CISA to send out a security advisory is the recent cyberattack on Stryker, an American Fortune 500 medical technology company that was hacked via its internal Microsoft environment.
As of writing, the firm hasn’t disclosed how it was attacked, but reportedly, a “global network disruption” was caused by unauthorized access to Microsoft Intune. Allegedly, the attackers managed to gain access to an admin account, after which they executed a wipe command on tens of thousands of systems and servers.
In a recent update, Stryker says that it’s safe to use its products.
“We are prioritizing restoration of systems that directly support customers, ordering, and shipping. Our core transactional systems are already on a clear path to full recovery, and we will continue to provide updates as progress is made. There is nothing more important to us than the customers and patients we serve, and we are grateful for your continued support and partnership,” the medtech company stated.
The cyberattack has been claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. The group said that it wiped more than 200,000 systems and servers, and stole 50TB of “critical data,” forcing offices in 79 countries to shut down.
Handala said the hack was “in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance.” In the incident, at least 175 people, primarily children, lost their lives.