CISA issues warning that Russian hackers are bypassing two-factor authentication

Two-factor authentication (2FA) can be an important component of the steps you take to keep your accounts and data secure, but it’snot without its flaws. As if the existing threats weren’t concerning enough, now we’re learning about howRussianstate-sponsored hackers are undermining authentication in supposedly secure systems and disguising their access as that of legit account holders.

As early as May 2021, hackers exploited accounts linked to an unnamed non-governmental organization (NGO) and were able to access sensitive data, according to a new report from the FBI and theUS Cybersecurity and Infrastructure Security Agency(CISA). Weak password choices and a long-dormant account didn’t help the victims here — the attackers were able to get inside the old account, activate it, and enroll it in 2FA. Once the system viewed the hacked account as legit, the cyberattackers could run rampant — and they did, using a major Windows Print Spooler vulnerability, “PrintNightmare.”

4

PrintNightmaresurfaced last summer, and is a pretty serious vulnerability that exposes Windows systems to arbitrary code execution. Once compromised, an attacker can do basically whatever they want, with full system-level permissions. While the incident we’re looking at today didn’t reveal anynewvulnerability in 2FA, it does make clear that system hygiene is everything. Whether you’re setting up accounts on a newGalaxy S22or you’re an admin running an NGO’s entire network, good password practices and killing old, unused accounts are two especially vital steps toward keeping systems secure.

As theBBC reported in February, almost three-quarters ofransomwaremoney ends up in the coffers of hackers linked to Russia alone. If there’s a way to compromise a system for profit or knowledge, chances are good someone — whether solo or state-sponsored — is already working on a way to sneak in (assuming they haven’t found it yet). We’ll just have to keep being vigilant and stay on top of device updates.

Google Home icon with some gadgets around it.

$135 is its lowest price in months

Goodbye, text-only analysis

Samsung Notes logo in front of image containing S Pen and devices using Samsung Notes

A great choice for those looking for value

I played the opening mission of The Outer Worlds 2 and really enjoyed what I experienced

A Pixel 9 Pro showing expanded dark theme options.

Some scary urban digital legends

It’s never been cheaper

computer-users-unsplash