The Cybersecurity and Infrastructure Security Agency and the FBI have jointly issued an advisory on how to mitigate Russian cyber threats that use the “PrintNightmare" vulnerability.
The advisory tackles state-sponsored Russian attacks that exploit the Windows-based vulnerability and default multifactor authentication protocols to illicitly access networks, CISA said Tuesday.
The PrintNightmare vulnerability, which is present in Windows' print spooler, can allow cyber actors to remotely execute codes or escalate privilege. Russian actors illicitly accessed email accounts and cloud through the vulnerability in May 2021.
The actors used a misconfigured account with default MFA protocols to breach the targeted network.
CISA and the FBI now advise organizations to require and properly implement MFA, employ time-out and lock-out features, patch software, continuously monitor network logs and disable inactive accounts.
"This advisory demonstrates the imperative that organizations configure MFA properly to maximize effectiveness,” said Jen Easterly, director of CISA and a 2022 Wash100 Award recipient.
