Two-factor authentication (also known as 2FA) is a vital part of keeping your accounts and data secure, but it is not without problems. As if the present threats weren't bad enough, we now know how Russian state-sponsored hackers circumvented authentication on an ostensibly protected network and masqueraded as a legitimate account holder.
According to a new joint advisory from the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA), Russian state-sponsored actors accessed accounts belonging to an unnamed non-governmental organization (NGO) as early as May 2021 and reached sensitive data. A weak password and a long-dormant account worked against the victim: the attackers guessed the old account's password, found it was still active in the directory, and enrolled it in two-factor authentication themselves. The account had been dropped from MFA for inactivity, and the default configuration let whoever held the password register a new device. Once the system treated the compromised account as legitimate, the intruders were free to roam, and they did, escalating their privileges through a severe Windows Print Spooler flaw known as "PrintNightmare."
PrintNightmare (CVE-2021-34527), disclosed in summer 2021, is a critical vulnerability in the Windows Print Spooler service that allows remote code execution and local privilege escalation. Because the spooler runs as SYSTEM, an attacker who exploits it gets complete system-level permissions and can do pretty much whatever they want on that host. The incident we're looking at today didn't expose any new weakness in 2FA itself, but it does highlight the importance of basic account hygiene. Strong, unique passwords and removing old, unused accounts (so nobody can quietly revive them and enroll them in MFA on your behalf) are two extremely important steps toward keeping systems secure, whether you're setting up accounts on a new Galaxy S22 or administering an NGO's whole network.
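As an added example (not code from the article or from the FBI/CISA advisory), the following PowerShell flags enabled accounts that have not authenticated in a configurable number of days, the kind of dormant account this incident turned on. The sample records are constructed so the function can be tried offline; the commented Get-ADUser and Print Spooler lines at the end assume the ActiveDirectory module and a Windows server respectively.

```powershell
# Added example, not from the article or the FBI/CISA advisory.
# Flags enabled accounts that have not logged on for $InactiveDays, the kind of
# long-dormant account the attackers in this incident were able to take over.
# The function works on plain objects so it can be tried offline; the commented
# Get-ADUser call at the end feeds it real directory data.
function Get-DormantAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,
        [int] $InactiveDays = 90,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$InactiveDays)
    foreach ($acct in $Accounts) {
        # Disabled accounts cannot authenticate, so they are not the exposure here.
        if (-not $acct.Enabled) { continue }
        # An account that has never logged on has been dormant since it was created.
        $lastActivity = if ($acct.LastLogonDate) { $acct.LastLogonDate } else { $acct.Created }
        if ($lastActivity -lt $cutoff) {
            [pscustomobject]@{
                SamAccountName = $acct.SamAccountName
                LastLogonDate  = $acct.LastLogonDate
                DaysInactive   = [int]($Now - $lastActivity).TotalDays
                PasswordAge    = if ($acct.PasswordLastSet) { [int]($Now - $acct.PasswordLastSet).TotalDays } else { $null }
            }
        }
    }
}

# Constructed sample standing in for Get-ADUser output (not real accounts).
$today = Get-Date
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';     Enabled = $true;  LastLogonDate = $today.AddDays(-2);   Created = $today.AddYears(-3); PasswordLastSet = $today.AddDays(-20) }
    [pscustomobject]@{ SamAccountName = 'svc-old';  Enabled = $true;  LastLogonDate = $today.AddDays(-400); Created = $today.AddYears(-5); PasswordLastSet = $today.AddYears(-4) }
    [pscustomobject]@{ SamAccountName = 'intern19'; Enabled = $true;  LastLogonDate = $null;                Created = $today.AddYears(-2); PasswordLastSet = $today.AddYears(-2) }
    [pscustomobject]@{ SamAccountName = 'retired';  Enabled = $false; LastLogonDate = $today.AddDays(-800); Created = $today.AddYears(-6); PasswordLastSet = $today.AddYears(-6) }
)

# svc-old and intern19 are reported; jdoe is active and retired is already disabled.
Get-DormantAccount -Accounts $sample -InactiveDays 90 | Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module). Review the list,
# then disable rather than delete so the SID and audit trail survive; drop -WhatIf
# once you are happy with the output.
# $dormant = Get-DormantAccount -Accounts (Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, Created, PasswordLastSet)
# $dormant | ForEach-Object { Disable-ADAccount -Identity $_.SamAccountName -WhatIf }

# PrintNightmare mitigation check: the Print Spooler should not be running on
# domain controllers or on servers that never print.
# if ((Get-Service -Name Spooler).Status -eq 'Running') {
#     Stop-Service -Name Spooler
#     Set-Service -Name Spooler -StartupType Disabled
# }
```

Disabling rather than deleting keeps the account's identifier and history available for investigation, and a disabled account cannot be logged into, so it cannot be re-enrolled in MFA by an attacker who happens to know its old password. Run the report on a schedule and pair it with the MFA provider's own inactive-user list, since the two can drift apart, which is exactly the gap exploited here.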