The CISA and the FBI have put out an alert that Russian state-sponsored hackers have exploited default MFA protocols and a Windows 10 printer flaw, ‘PrintNightmare’, to compromise networks and high-value domains in order to access victims’ cloud and email.
Saumitra Das, CTO and Co-Founder, Blue Hexagon had this to say:
“This shows very novel tradecraft being used by the state-sponsored attackers and why it is so important to have detection and response as well as full visibility into your entire enterprise. Do not assume prevention-based controls or just security hygiene will prevent the entry of attackers. Once attackers get in, they can use older CVEs like ‘PrintNightmare’ which may not have been patched in every dark corner of the IT real estate. The Fail-Open nature of many services does open an attack surface that is hard to assess ahead of time. The later stages of this attack still use classic techniques like RDP and living off the land. Attacks like these need defense-in-depth with both EDR (endpoint security) and NDR (network security) complementing each other to have a chance of timely discovery.”
The thing is that Print Nightmare isn’t new as I’ve covered it here before and it’s been covered extensively elsewhere. As for the MFA exploit, the alert has some good mitigation strategies that companies should look at. As given the state of play within the world at the moment, you can’t afford to take the risk of doing nothing.
Like this:
Like Loading...
Related
This entry was posted on March 17, 2022 at 12:49 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
CISA & FBI Say That Russian Threat Actors Exploiting Print Nightmare And MFA Flaws To Pwn High Value Networks
The CISA and the FBI have put out an alert that Russian state-sponsored hackers have exploited default MFA protocols and a Windows 10 printer flaw, ‘PrintNightmare’, to compromise networks and high-value domains in order to access victims’ cloud and email.
Saumitra Das, CTO and Co-Founder, Blue Hexagon had this to say:
“This shows very novel tradecraft being used by the state-sponsored attackers and why it is so important to have detection and response as well as full visibility into your entire enterprise. Do not assume prevention-based controls or just security hygiene will prevent the entry of attackers. Once attackers get in, they can use older CVEs like ‘PrintNightmare’ which may not have been patched in every dark corner of the IT real estate. The Fail-Open nature of many services does open an attack surface that is hard to assess ahead of time. The later stages of this attack still use classic techniques like RDP and living off the land. Attacks like these need defense-in-depth with both EDR (endpoint security) and NDR (network security) complementing each other to have a chance of timely discovery.”
The thing is that Print Nightmare isn’t new as I’ve covered it here before and it’s been covered extensively elsewhere. As for the MFA exploit, the alert has some good mitigation strategies that companies should look at. As given the state of play within the world at the moment, you can’t afford to take the risk of doing nothing.
Share this:
Like this:
Related
This entry was posted on March 17, 2022 at 12:49 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.