Microsoft Intune: Lock it down, warn feds after Stryker
"Handala, a group linked to Iran's intelligence agency, claimed responsibility for the attack, which knocked some of the surgical equipment maker's networks offline and continues to affect shipping and ordering systems. Stryker has publicly said the attack affected its Microsoft environment, and a source familiar with the investigation confirmed that the attackers wiped employees' devices using Intune."
"In a Wednesday security alert, the US Cybersecurity and Infrastructure Security Agency (CISA) said it is aware of malicious cyber activity targeting endpoint management systems of US organizations following the Stryker intrusion, and urged companies to follow Microsoft's best practices for securing Intune."
"Use principles of least privilege when designing administrative roles. This can prevent someone who has breached Intune from creating new admin accounts and using these to control employees' access to internal systems and perform wipe commands. Companies should use Intune's role-based access controls to assign only the minimum permissions necessary to each role."
Handala, an Iranian intelligence-linked group, conducted a cyberattack on medical device manufacturer Stryker that exploited Microsoft Intune endpoint management systems to wipe employee devices and disrupt shipping and ordering operations. Following this incident, CISA issued a security alert warning of malicious activity targeting endpoint management systems across US organizations. Microsoft released security guidance recommending companies implement least privilege principles for administrative roles, use role-based access controls, and assign minimum necessary permissions to each role. These measures prevent attackers who breach Intune from creating unauthorized admin accounts and executing device wipe commands.
Read at The Register