"To defend against similar malicious activity that misuses legitimate endpoint management software, Cisa urges organisations to implement Microsoft's newly released best practices for securing Microsoft Intune. The principles of these recommendations can be applied to Intune and more broadly to other endpoint management software."
"Organisations are advised to use Intune's role-based access control features to enforce principles of least privilege, giving users the minimum permissions necessary to complete their day-to-day tasks; to rigorously enforce phishing-resistant multi-factor authentication and privileged access hygiene with Microsoft Entra; and to reconfigure Intune access policies to require the approval of multiple administrators for sensitive or high-impact actions."
"The 11 March incident at Michigan-based Stryker targeted its Microsoft Intune endpoint management systems, and saw Microsoft devices wiped and data stolen, resulting in widespread disruption and, in some cases, knock-on effects for frontline healthcare services."
Following cyber attacks including a significant incident at medical technology firm Stryker, CISA has issued urgent guidance for organizations to strengthen their endpoint management security. The March 11 attack on Stryker targeted Microsoft Intune systems, resulting in device wiping, data theft, and disruption to healthcare services. The Iranian hacktivist group Handala claimed responsibility as retaliation for Israeli-US actions against Iran. CISA recommends implementing Microsoft's security best practices for Intune, including role-based access control with least privilege principles, phishing-resistant multi-factor authentication, and requiring multiple administrator approvals for sensitive actions. These recommendations apply broadly to other endpoint management software.
#cybersecurity #endpoint-management #iran-linked-threat-actors #microsoft-intune #healthcare-security
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]