Secure your Microsoft system or suffer the same fate as Stryker – US tells companies to secure corporate accounts
CISA says hackers are actively seeking targets
- CISA warns US firms after Stryker Intune wipe
- Urges stronger endpoint management configs, least privilege, MFA, multi-admin approvals
- FBI and Microsoft coordinating to counter Handala-linked Iranian hacktivists
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging businesses in the country to harden their endpoint management system configurations and avoid suffering the same fate as Stryker.
If you haven’t been paying attention, an Iranian hacking collective called Handala broke into Stryker, (allegedly) stole 50 terabytes of data, and then used a compromised Microsoft Intune admin account to wipe almost 80,000 company devices in just a few hours.
The disruption was severe enough that the company was forced to fall back to pen and paper.
Defending against Handala
Earlier this week, CISA issued a new alert, saying it is “aware of malicious cyber activity targeting endpoint management systems of US organizations based on the cyberattack against Stryker”. It urged businesses to bolster their defenses using Microsoft’s recommendations, and stressed it was coordinating with the FBI to identify additional threats.
Microsoft’s recommendations include:
- Applying the principle of least privilege to admin roles
- Using Intune’s role-based access control to assign minimum permissions necessary
- Enforcing phishing-resistant multi-factor authentication
- Using Microsoft Entra ID to block unauthorized access
- Configuring access policies to require Multi Admin Approval in Microsoft Intune
- Setting up policies that require a second admin account’s approval for sensitive and high-impact changes
“The principles of these recommendations can be applied to Intune and more broadly to other endpoint management software,” CISA added.
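The recommendations above are checkable, not just aspirational. The following read-only PowerShell audit is an added example written for this article; it is not code from Microsoft, CISA or Stryker. It uses the Microsoft Graph PowerShell SDK to report, for a tenant, who holds the Global Administrator and Intune Administrator roles, whether an enabled Conditional Access policy forces phishing-resistant MFA on those admins, and whether any Intune Multi Admin Approval policies exist. The role template IDs and the "Phishing-resistant MFA" authentication strength ID are Microsoft's fixed built-in values; the admin-count threshold is an arbitrary assumption, and the Multi Admin Approval check assumes the beta Graph endpoint, which Microsoft may change.

```powershell
# Added audit script (not from the article, CISA or Microsoft). Read-only: it only lists
# and flags, it changes nothing. Requires PowerShell 7 and: Install-Module Microsoft.Graph
Connect-MgGraph -NoWelcome -Scopes 'Directory.Read.All', 'Policy.Read.All',
    'DeviceManagementRBAC.Read.All', 'DeviceManagementConfiguration.Read.All'

# Entra ID built-in role template IDs (identical in every tenant).
$PrivilegedRoles = @{
    'Global Administrator' = '62e90394-69f5-4237-9190-012177145e10'
    'Intune Administrator' = '3a2c62db-5318-420d-8d74-23affee5d9d5'
}
# Built-in authentication strength "Phishing-resistant MFA" (FIDO2, certificate, Windows Hello for Business).
$PhishingResistantStrengthId = '00000000-0000-0000-0000-000000000004'
$MaxAdminsPerRole = 5   # assumed threshold for this example; tune to your tenant

# 1. Least privilege: who holds tenant-wide roles that can manage (and wipe) Intune devices?
foreach ($roleName in $PrivilegedRoles.Keys) {
    $role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$($PrivilegedRoles[$roleName])'"
    if (-not $role) { Write-Host "[OK]   $roleName is not activated in this tenant"; continue }
    $members = @(Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All)
    # Members are generic directoryObjects; users expose their UPN in AdditionalProperties.
    $names = $members | ForEach-Object {
        $_.AdditionalProperties['userPrincipalName'] ?? $_.AdditionalProperties['displayName'] ?? $_.Id
    }
    $flag = if ($members.Count -gt $MaxAdminsPerRole) { '[WARN]' } else { '[OK]  ' }
    Write-Host "$flag $roleName has $($members.Count) member(s): $($names -join ', ')"
}

# 2. Phishing-resistant MFA: an *enabled* Conditional Access policy that targets these roles
#    (directly, or via "All users") and only grants access with the phishing-resistant strength.
#    Report-only policies ("enabledForReportingButNotEnforced") deliberately do not count.
#    Caveat: this does not evaluate application scope or user/group exclusions.
$policies = Get-MgIdentityConditionalAccessPolicy -All
$covering = $policies | Where-Object {
    $_.State -eq 'enabled' -and
    $_.GrantControls.AuthenticationStrength.Id -eq $PhishingResistantStrengthId -and
    (($_.Conditions.Users.IncludeUsers -contains 'All') -or
     ($_.Conditions.Users.IncludeRoles | Where-Object { $PrivilegedRoles.Values -contains $_ }))
}
if ($covering) {
    Write-Host "[OK]   Phishing-resistant MFA enforced for admins by: $($covering.DisplayName -join ', ')"
} else {
    Write-Host "[WARN] No enabled Conditional Access policy requires phishing-resistant MFA for Global/Intune admins"
}

# 3. Multi Admin Approval: Intune "access policies" that make a second admin approve
#    high-impact operations. Assumption: read via the beta Graph endpoint, which can change.
$maa = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
    -Uri 'https://graph.microsoft.com/beta/deviceManagement/operationApprovalPolicies'
if (-not $maa.value -or $maa.value.Count -eq 0) {
    Write-Host "[WARN] No Multi Admin Approval policies: one compromised admin can run high-impact actions alone"
} else {
    foreach ($p in $maa.value) {
        Write-Host "[OK]   Multi Admin Approval policy '$($p.displayName)' covers: $($p.policyType)"
    }
}

Disconnect-MgGraph | Out-Null
```

Run it with an account that has only the read scopes listed; the point of the exercise is that an auditor should not need the very privileges being audited. A `[WARN]` on check 2 is the gap that matters most here: an admin protected only by password, or by push-notification MFA, is exactly the account a phishing or token-theft operation can turn into a tenant-wide wipe.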
Although it is not confirmed, many security researchers believe the attack on Stryker is the result of US and Israeli aggression against Iran. Handala claimed that in its operation “over 200,000 systems, servers, and mobile devices have been wiped, and 50 terabytes of critical data have been extracted.”
The group is being described as “hacktivists linked to Iran’s Ministry of Intelligence and Security”, targeting mostly Israeli organizations around the world.
Via Bloomberg
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.