CISA Asks Companies to Secure Microsoft Tool After Stryker Cyberattack

The U.S. government on Wednesday asked companies to strengthen the security of Microsoft’s endpoint management tool, after a cyberattack on medical device maker Stryker Corp last week.

The March 11 cyberattack hit Stryker’s computer systems, causing widespread disruption to its business, including its ability to process orders, make products and ship them to customers. The company said it had experienced a global disruption to its Microsoft environment.

An Iran-linked hacking group called Handala claimed responsibility for the attack, saying it was in retaliation to a strike on a girls’ school in Minab, southern Iran.

• The Cybersecurity and Infrastructure Security Agency (CISA) said it is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations, based on the Stryker attack.
• CISA asked companies to harden endpoint management system configurations, implementing Microsoft’s best practices to secure Microsoft Intune, a tool that manages user access, devices, and applications across organizations.
• CISA is coordinating with federal partners, including the Federal Bureau of Investigation, to identify additional threats and determine mitigation actions.
• Bloomberg News reported on Wednesday that the cyberattack on Stryker has delayed surgeries for some patients.
• Stryker said on Tuesday that it had contained the attack and that no patient-related services or connected medical products were affected, though it did not provide details on the financial impact.

(Reporting by Natalia Bueno Rebolledo in Mexico City; Editing by Sonia Cheema)