Hackers Breach Multifactor Authentication

Uploaded on 2022-04-08 in TECHNOLOGY--Hackers, FREE TO VIEW

Hackers  been detected exploiting Multi-Factor Authentication (MFA) default  protocols with the “PrintNightmare” vulnerability. 

State-sponsored threat actors from Russia over the last year breached a non-governmental organisation (NGO) by leveraging multifactor authentication (MFA) defaults and exploiting the PrintNightmare vulnerability in Windows Print Spooler. 

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have analysed and released a serious concern about how Russian state-sponsored actors have gained access to an NGO's network.

CISA observed regular targeting of US Security Cleared Defense Contractors (CDCs) by Russian state-sponsored cyber actors. Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows.

The hackers were able to gain access to an NGO’s cloud and email accounts, move laterally in the organisation’s network and exfiltrate documents, according to the FBI and CISA.

The actors have targeted both large and small CDCs and subcontractors with varying levels of cyber security protocols and resources. “Historically, Russian state-sponsored cyber actors have used common but effective tactics to gain access to target networks, including spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security... These actors take advantage of simple passwords, unpatched systems, and unsuspecting employees to gain initial access before moving laterally through the network to establish persistence and exfiltrate data, “says the CISA.  

As early as May 2021, the hackers gained access to the NGO’s network by guessing the password of an inactive account to enroll a new device in the organisation’s Duo MFA. 

They exploited the PrintNightmare vulnerability, which caused havoc in 2021 before being patched, to get domain administrator access and redirected DUO MFA to disable multi-factor authentication for active accounts to add even more accounts. CISA do not give the details what data was exfiltrated, but the FBI and CISA recommended what organisations should do, in addition to reminding them to “remain cognisant of the threat of state-sponsored cyber actors including:

  • Enforce MFA for all users, without exception.
  • Implement time-out and lock-out features in response to repeated failed login attempts.
  • Ensure inactive accounts are disabled uniformly across the Active Directory and MFA systems.
  • Update software, including operating systems, applications, and firmware on IT network assets in a timely manner
  • Require all accounts with password logins
  • Continuously monitor network logs for suspicious activity and unauthorised or unusual login attempts.

The CISA advisory says the cyberattack targeting the NGO began as far back as May 2021. The location of the NGO and the full timespan over which the attack occurred were not specified. 

CISA:       Microsoft:   Venturebeat:     The Register:     

You Might Also Read: 

Two-Factor Authentication Matters More Than Ever:

 

« Protecting Your Business From A Supply Chain Attack
Technology’s Impact On Cyber Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF) is a business and labour market lobbying organization that promotes the competitiveness and business conditions of Finland’s most crucial export industry.

Muninn

Muninn

At Muninn (aka Wehowsky), we specialize in mitigating potential risks within your network, providing one of the leading network detection and response (NDR) solutions on the market.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

VU Security

VU Security

VU is a specialist in Cybersecurity software development with a focus on the prevention of fraud and identity theft.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

certSIGN

certSIGN

certSIGN develop innovative software for information security and information systems protection.

Micro Strategies Inc.

Micro Strategies Inc.

Micro Strategies provides IT solutions that help businesses tackle digital transformation in style.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

Startup Wise Guys

Startup Wise Guys

Startup Wise Guys is a mentorship-driven accelerator program for early stage B2B SaaS, Fintech, Cybersecurity & Defense AI startups.

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

SEEDS conducts research and develops innovative cybersecurity technologies, tools, and methodologies that advance the energy sector’s ability to survive cyber incidents.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

International College For Security Studies (ICSS)

International College For Security Studies (ICSS)

ICSS India offers technical education to students, clients and partners in IT Industry by our well qualified, certified and experienced trainers.

Blue Bastion

Blue Bastion

Don’t give cybercriminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions with Blue Bastion.

SIGLA Group

SIGLA Group

SIGLA Group specialize in the design and development of IT and OT solutions, from analysis to design, from implementation to commissioning, as well as consultancy, training and assistance.

Driven Technologies

Driven Technologies

Driven is a cloud native service provider transforming the way companies leverage technology to improve business by securing, modernizing, and connecting applications, users, and data.