What happened – The U.S. Cybersecurity & Infrastructure Security Agency (CISA) publicly released Emergency Directive 24-02 on April 11, 2024, after the Russian state-sponsored group APT29 (also tracked as Midnight Blizzard) compromised Microsoft's corporate email system and exfiltrated correspondence between Microsoft and its customers, including federal civilian agencies.
- Those emails can contain authentication details (credentials, tokens and similar secrets) shared between Microsoft and its customers; the attacker can use them to gain access to customer systems and the data held there.
- Affected federal agencies were instructed to analyze the exfiltrated emails and take immediate remediation action, including resetting or deactivating any credentials or other authentication secrets found in them.
How to mitigate risk from this compromise:
- Review multifactor authentication (MFA) enforcement for all users. List every exception (service accounts, legacy protocols, excluded groups) and enforce MFA on those accounts as well wherever possible; the accounts left out of policy are the ones an attacker holding a stolen password will target.
- Refresh end-user awareness training on MFA fatigue (push-bombing) attacks, in which an attacker who already has a valid password sends repeated push prompts hoping one gets approved; number matching or phishing-resistant MFA removes that bypass entirely.
- Place additional monitoring on high-privilege accounts: log and review their sign-ins and other activity so that misuse is detected quickly.
- Review sign-in logs for suspicious activity (failed password attempts across many accounts from one source, repeated MFA denials, sign-ins from unfamiliar locations) and implement alerting on those patterns rather than relying on periodic manual review.
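The monitoring and sign-in review steps above, expressed as detection logic, as an added example that is not code from the original page or from Drawbridge. It runs over constructed sign-in records whose field names are a flattened, simplified version of the Microsoft Graph sign-in schema (assumption: real exports nest the error code under `status` and the country under `location`). The Entra ID error codes it keys on are 50126 (invalid username or password) and 500121 (strong authentication failed or denied); the thresholds, account names and IP addresses are arbitrary illustrations, not Microsoft recommendations.

```python
"""Detection checks over Entra ID (Azure AD) sign-in log records.

Added example, not code from the original page or from Drawbridge. Records are
constructed; field names are a flattened version of the Graph signIn schema
(assumption). Thresholds are arbitrary starting points.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BAD_PASSWORD_CODE = 50126   # Entra ID: invalid username or password
MFA_FAILURE_CODE = 500121   # Entra ID: strong authentication failed or denied
PRIVILEGED = {"admin@corp.example"}                                          # constructed
COUNTRY_BASELINE = {"admin@corp.example": {"US"}, "bob@corp.example": {"US"}}  # constructed


def _ev(ts, user, ip, country, code, auth="multiFactorAuthentication"):
    """Build one flattened sign-in record (constructed sample data)."""
    return {"createdDateTime": ts, "userPrincipalName": user, "ipAddress": ip,
            "countryOrRegion": country, "errorCode": code,
            "authenticationRequirement": auth}


SAMPLE_SIGNINS = [
    _ev("2024-04-10T08:00:00Z", "admin@corp.example", "198.51.100.7", "US", 0),
    _ev("2024-04-10T08:05:00Z", "bob@corp.example", "198.51.100.8", "US", 0),
    # Password spray: one source IP, five different accounts, wrong password each time.
    *[_ev(f"2024-04-10T09:0{i}:00Z", f"user{i}@corp.example", "203.0.113.9", "NL",
          BAD_PASSWORD_CODE) for i in range(5)],
    # MFA fatigue: alice's password is known, her push prompts are denied three times.
    _ev("2024-04-10T09:10:00Z", "alice@corp.example", "203.0.113.9", "NL", MFA_FAILURE_CODE),
    _ev("2024-04-10T09:12:00Z", "alice@corp.example", "203.0.113.9", "NL", MFA_FAILURE_CODE),
    _ev("2024-04-10T09:14:00Z", "alice@corp.example", "203.0.113.9", "NL", MFA_FAILURE_CODE),
    # Privileged account signs in successfully with password only, from a new country.
    _ev("2024-04-10T09:20:00Z", "admin@corp.example", "203.0.113.9", "NL", 0,
        auth="singleFactorAuthentication"),
]


def _ts(rec):
    return datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_mfa_fatigue(events, threshold=3, window=timedelta(minutes=10)):
    """Users with at least `threshold` MFA failures inside one `window`: push-bombing."""
    per_user = defaultdict(list)
    for e in events:
        if e["errorCode"] == MFA_FAILURE_CODE:
            per_user[e["userPrincipalName"]].append(_ts(e))
    flagged = []
    for user, times in per_user.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(user)
                break
    return sorted(flagged)


def detect_password_spray(events, min_users=5):
    """Source IPs that failed passwords against at least `min_users` distinct accounts."""
    users_by_ip = defaultdict(set)
    for e in events:
        if e["errorCode"] == BAD_PASSWORD_CODE:
            users_by_ip[e["ipAddress"]].add(e["userPrincipalName"])
    return sorted(ip for ip, users in users_by_ip.items() if len(users) >= min_users)


def detect_privileged_without_mfa(events, privileged=PRIVILEGED):
    """Successful sign-ins by monitored accounts that did not satisfy MFA (an enforcement gap)."""
    return [(e["userPrincipalName"], e["ipAddress"]) for e in events
            if e["userPrincipalName"] in privileged and e["errorCode"] == 0
            and e["authenticationRequirement"] != "multiFactorAuthentication"]


def detect_new_country(events, baseline=COUNTRY_BASELINE):
    """Successful sign-ins from a country the user has not been seen in before."""
    return sorted({(e["userPrincipalName"], e["countryOrRegion"]) for e in events
                   if e["errorCode"] == 0
                   and e["countryOrRegion"] not in baseline.get(e["userPrincipalName"], set())})


def run_all(events=SAMPLE_SIGNINS):
    """Run every check and return the hits keyed by check name."""
    return {"mfa_fatigue": detect_mfa_fatigue(events),
            "password_spray": detect_password_spray(events),
            "privileged_without_mfa": detect_privileged_without_mfa(events),
            "new_country": detect_new_country(events)}


if __name__ == "__main__":
    for name, hits in run_all().items():
        print(f"{name}: {hits or 'none'}")
```

Each check maps to one bullet above: the privileged-without-MFA check finds enforcement exceptions, the MFA-failure burst is the push-bombing signal that user training is meant to blunt, and the spray and new-country checks are the sign-in anomalies worth alerting on. In production the same logic belongs in the SIEM or in Entra ID Protection policies; the point here is that each rule is a few lines over fields already present in the log.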
Read: CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Read: ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System | CISA.
Read: APT29 – attack.mitre.org.
Get smart and take action – Drawbridge makes cybersecurity easy for Alternative Investment and Wealth Managers. Contact one of our representatives to learn more.