The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to businesses regarding the security of their device management systems. This advisory comes in the wake of a significant cyberattack on Stryker, a prominent medical technology company, where hackers remotely wiped thousands of devices.
CISA emphasized the importance of securing systems like Microsoft Intune, which Stryker utilizes to manage its employee devices. The agency noted that the attackers exploited their access to Stryker's Windows-based network to disrupt the company's global operations.
Key Recommendations:
- Network administrators should require a second administrator's approval for any high-impact changes, including device wipes.
- Implement stringent access controls to limit who can make sensitive changes within device management systems.
Stryker confirmed the breach on March 11, reporting widespread disruptions to its network. Although the company stated that no malware or ransomware was deployed, the hackers accessed internal systems to delete data from numerous employee devices, including personal phones and computers.
Despite the attack, Stryker has managed to contain the situation and is in the process of restoring its systems. However, its supply chain operations remain affected, with ordering and shipping systems still offline.
The group responsible for the attack, known as Handala, claimed it was acting in retaliation for U.S. military actions in Iran. The group also alleged that it had stolen data from Stryker's network, although no evidence for this claim has been provided.
In response to the attack, the FBI has taken action against the Handala group's online presence, seizing its website.
Why It Matters: This incident highlights the vulnerabilities present in device management systems and the need for robust security measures to protect sensitive data and operations.
Next Steps: Organizations using Microsoft Intune or similar systems should review their security protocols and implement the recommended measures to prevent unauthorized access and potential data loss.