CISA & FBI Say That Russian Threat Actors Exploiting Print Nightmare And MFA Flaws To Pwn High Value Networks

The CISA and the FBI have put out an alert that Russian state-sponsored hackers have exploited default MFA protocols and a Windows 10 printer flaw, ‘PrintNightmare’, to compromise networks and high-value domains in order to access victims’ cloud and email. 

Saumitra Das, CTO and Co-Founder, Blue Hexagon had this to say:

“This shows very novel tradecraft being used by the state-sponsored attackers and why it is so important to have detection and response as well as full visibility into your entire enterprise. Do not assume prevention-based controls or just security hygiene will prevent the entry of attackers. Once attackers get in, they can use older CVEs like ‘PrintNightmare’ which may not have been patched in every dark corner of the IT real estate. The Fail-Open nature of many services does open an attack surface that is hard to assess ahead of time. The later stages of this attack still use classic techniques like RDP and living off the land. Attacks like these need defense-in-depth with both EDR (endpoint security) and NDR (network security) complementing each other to have a chance of timely discovery.”

The thing is that Print Nightmare isn’t new as I’ve covered it here before and it’s been covered extensively elsewhere. As for the MFA exploit, the alert has some good mitigation strategies that companies should look at. As given the state of play within the world at the moment, you can’t afford to take the risk of doing nothing.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: