The Cybersecurity and Infrastructure Security Agency (CISA) recently alerted U.S. organizations to bolster their security measures for Microsoft Intune. This comes after a significant cyberattack on medical tech firm Stryker. The incident was executed by Handala, a hacktivist group with ties to Iran, who claimed to have stolen 50 terabytes of data before wiping nearly 80,000 devices using Intune’s built-in wipe command.
CISA is urging organizations to follow Microsoft’s guidance to strengthen Intune. Microsoft published a set of recommendations shortly after the attack. Key to these recommendations is the principle of least privilege, where administrators are only given necessary permissions through role-based access control (RBAC). This reduces the chance of unauthorized access to sensitive actions.
Experts note that cybersecurity threats are evolving. A recent survey by the Cybersecurity and Infrastructure Security Agency shows that nearly 60% of organizations have reported an increase in cyber threats over the past year. This illustrates the urgent need for tightened endpoint management practices.
CISA emphasizes the importance of multifactor authentication (MFA) and requires that any significant administrative changes—like device wipes or application updates—get multi-admin approval. This layered approach to security helps organizations maintain tighter control over their systems.
The rise of Handala highlights the growing trend of hacktivism in cyberspace. Emerging in late 2023, the group specializes in targeting Israeli organizations and has gained notoriety for their brazen attacks. With the continuous advancement of cyber threats, it’s critical for all organizations to stay vigilant and proactive in their cybersecurity protocols.
As organizations integrate more advanced technologies, the risk of exposure increases. Companies must not only rely on trusted administrators but also establish strict administrative controls to fortify their defenses. By shifting to a more secure administrative design, organizations can mitigate risks and protect sensitive data from evolving threats.
For those looking to enhance their cybersecurity measures, more information can be found in Microsoft’s published guidance here and in CISA’s alerts here.
