CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

EricG · 17 Mar 2022, 01:26 PM

This is not of concern to most users, just Windows Server I think. Expect more like these, this was May 2021.

The US Cybersecurity and Infrastructure Security Agency (CISA) has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability.

ioneja · 27 Mar 2022, 10:35 PM

Thanks for the heads up on this -- please keep posting things like this, still very relevant considering the current situation with Russia/Ukraine, etc...

TenFour · 27 Mar 2022, 10:46 PM

So often these hacks start with a stolen password or in some cases the password is guessed or brute forced due to a poor password. Individuals can avoid almost all hacks if they just do a few simple things:

Use a password manager.
Create long, unique passwords.
Never reuse a password anywhere.
Use some form of 2fa on important accounts.
Never click on any links in an email or text message.

janusz · 27 Mar 2022, 11:57 PM

Quote:

Originally Posted by TenFour

.Never click on any links in an email or text message.

e.g. "click here to confirm your registration/new email address" ??

TenFour · 28 Mar 2022, 12:04 AM

Yes, I would agree that it is usually safe to click on a message in an email to sign in if you were just signing in to something. However, avoid clicking on links in emails that were unsolicited even if they appear completely genuine. For example, I receive a reminder to pay my credit card bill, but I don't click the link in the email--instead I go direct to the site and login to pay.

janusz · 28 Mar 2022, 12:20 AM

Quote:

Originally Posted by TenFour

I receive a reminder to pay my credit card bill, but I don't click the link in the email--instead I go direct to the site and login to pay.

In my case the message from the bank is "your credit card statement is ready. Login to our internet banking and see it there" (mind you, there is no link to the banking site).

TenFour · 28 Mar 2022, 12:23 AM

In most cases, my bank and credit card notices include links to click on--I don't do it. My bank statement notice arrived this morning and included a link to go see it.

17 Mar 2022, 01:26 PM	#1
EricG Essential Contributor Join Date: Aug 2009 Location: Canada Posts: 296	CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it This is not of concern to most users, just Windows Server I think. Expect more like these, this was May 2021. The US Cybersecurity and Infrastructure Security Agency (CISA) has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability.

27 Mar 2022, 10:46 PM	#3
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,722	So often these hacks start with a stolen password or in some cases the password is guessed or brute forced due to a poor password. Individuals can avoid almost all hacks if they just do a few simple things: Use a password manager. Create long, unique passwords. Never reuse a password anywhere. Use some form of 2fa on important accounts. Never click on any links in an email or text message.

27 Mar 2022, 10:35 PM	#2
ioneja Cornerstone of the Community Join Date: Jul 2011 Posts: 713	Thanks for the heads up on this -- please keep posting things like this, still very relevant considering the current situation with Russia/Ukraine, etc...

28 Mar 2022, 12:04 AM	#5
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,722	Yes, I would agree that it is usually safe to click on a message in an email to sign in if you were just signing in to something. However, avoid clicking on links in emails that were unsolicited even if they appear completely genuine. For example, I receive a reminder to pay my credit card bill, but I don't click the link in the email--instead I go direct to the site and login to pay.

28 Mar 2022, 12:23 AM	#7
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,722	In most cases, my bank and credit card notices include links to click on--I don't do it. My bank statement notice arrived this morning and included a link to go see it.