March 24, 2022

Cybersecurity advisory alert: Vulnerabilities with authentication methods

By: Tarsilla Moura

Editor's Note

On March 15, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) recommended that all organizations take action to “enable, enforce, and properly configure” their multifactor authentication (MFA) protocols, the American Hospital Association (AHA) reported March 16.

Russian state-sponsored actors are reportedly exploiting known vulnerabilities in MFA protocols, including “PrintNightmare,” a vulnerability known since as early as May 2021. Back then, hackers compromised MFA protocols that were set to default at a non-governmental facility and were able to access several cloud and email accounts. The episode prompted an advisory titled “Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and ‘PrintNightmare’ Vulnerability,” which “provides observed tactics, techniques, and procedures (TTPs); indicators of compromise (IOCs); and mitigation recommendations.”

“The FBI and CISA urge all organizations to take immediate action to protect against this malicious activity and apply [the] recommended mitigations,” the March 15 advisory states.

“Russian state-sponsored cyber criminals and spies are conducting ‘vulnerability chaining’—linking multiple known vulnerabilities together to gain access to networks and data,” John Riggi, AHA’s national advisor for cybersecurity and risk, said in a statement. “This pattern highlights the need to ensure MFA is properly configured to detect and prohibit unknown devices from enrolling in the service, and prioritizing patching of all vulnerabilities that allow unauthorized remote access and code execution.”

“Reports of the Russian military deploying destructive malware in Ukraine continue to add urgency to acting on all alerts related to cyberthreats posed by the Russian government,” Riggi emphasized.
