CISA, FBI issue joint cybersecurity advisory with technical details, mitigations regarding ability of Russian state-sponsored cyber actors to gain network access through exploitation of default MFA protocols and 'PrintNightmare’ vulnerability in Windows

Sample article from our Housing & Economy

WASHINGTON , March 18, 2022 (press release) –

All Organizations Should Take Action to Enable, Enforce, and Properly Configure MFA as well as Prioritize Patching of Known Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory today with technical details, mitigations, and resources regarding previously demonstrated ability of Russian state-sponsored cyber actors to gain network access through exploitation of default multifactor authentication (MFA) protocols and a known vulnerability in Windows Print Spooler, “PrintNightmare.” 

As early as May 2021, the Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim’s network. The actors then exploited a critical vulnerability “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges, and then were able to access cloud and email accounts for document exfiltration.

 This advisory, titled “Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and ‘PrintNightmare’ Vulnerability,” provides observed tactics, techniques, and procedures (TTPs); indicators of compromise (IOCs); and mitigation recommendations. The FBI and CISA urge all organizations to take immediate action to protect against this malicious activity and apply recommended mitigations such as:

  • Enforce MFA for all users, without exception, and ensure it is properly configured to protect against “fail open” and re-enrollment scenarios
  • Implement time-out and lock-out features
  • Disable inactive accounts uniformly in active directory, MFA, etc.
  • Update software, prioritizing known exploited vulnerabilities
  • Monitor network logs continuously for suspicious activity
  • Implement security alerting policies

“At CISA, we are great believers in multifactor authentication. It remains one of the most effective measures individuals and organizations can take to reduce their risk to malicious cyber activity. This advisory demonstrates the imperative that organizations configure MFA properly to maximize effectiveness,” said CISA Director Jen Easterly. “Now, more than ever, organizations must put their shields up to protect against cyber intrusions, which means applying the mitigations in this advisory including enforcing MFA for all users without exception, patching known exploited vulnerabilities, and ensuring MFA is implemented securely.”

“The FBI, alongside our federal and international partners, will continue to pursue cyber actors who engage in this type of targeted malicious activity of unauthorized access and exfiltration of data,” said FBI Cyber Division Assistant Director Bryan Vorndran. “We encourage organizations who may have experienced this type of exploitation to report to the FBI and/or CISA and provide us with additional information so we can continue to deter and disrupt nation-state actors. The FBI will not tolerate this type of criminal activity and we will use all of the tools in our toolbelt to combat this threat.” 

CISA has updated the Shields Up webpage to include new services and resources, recommendations for corporate leaders and chief executive officers, and actions to protect critical assets. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats. 

To report a cyber incident, organizations should contact CISA at report@cisa.gov or call CISA’s 24/7 CISA Central Operations Center at (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

 

###

* All content is copyrighted by Industry Intelligence, or the original respective author or source. You may not recirculate, redistrubte or publish the analysis and presentation included in the service without Industry Intelligence's prior written consent. Please review our terms of use.

See our dashboard in action - schedule an demo
Jason Irving
Jason Irving
- SVP Enterprise Solutions -

We offer built-to-order housing & economy coverage for our clients. Contact us for a free consultation.

About Us

We deliver market news & information relevant to your business.

We monitor all your market drivers.

We aggregate, curate, filter and map your specific needs.

We deliver the right information to the right person at the right time.

Our Contacts

1990 S Bundy Dr. Suite #380,
Los Angeles, CA 90025

+1 (310) 553 0008

About Cookies On This Site

We collect data, including through use of cookies and similar technology ("cookies") that enchance the online experience. By clicking "I agree", you agree to our cookies, agree to bound by our Terms of Use, and acknowledge our Privacy Policy. For more information on our data practices and how to exercise your privacy rights, please see our Privacy Policy.