Medical giant Stryker crippled after Iranian hackers remotely wipe computers

Critical flaw

If Intune was the route to compromise, the first job for Stryker’s forensics team will be to work out how attackers got into the system.

“Stryker uses Entra for authentication, which integrates everything into this with single sign-on, including the software that builds and updates all devices, including servers, laptops, and phones,” commented Rob Demain, CEO of managed security company e2e-assure.

“This is a best practice design pattern, but with a critical flaw: if it’s compromised, the attacker has access to wipe all devices, which seems to be what has happened here. Initial access is likely to be via credential theft, typically Adversary-in-the-Middle (AitM).”
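A defender-side check matching the scenario described in the quote, added here as an example and not part of the original article or of any Stryker or e2e-assure tooling: it scans audit events for one identity issuing many Intune wipe-class actions inside a short window, the pattern a compromised SSO identity with device-management rights would produce. The event field names, activity strings and sample events are constructed assumptions, loosely modelled on Intune audit-log entries.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events. Field names ("time", "actor", "activity",
# "device") and the activity strings are assumptions for this example, loosely
# modelled on Intune audit-log entries; none of it is data from the incident.
SAMPLE_EVENTS = [
    {"time": f"2025-03-01T02:00:{i * 8:02d}Z", "actor": "svc-mdm@corp.example",
     "activity": "Wipe ManagedDevice", "device": f"WS-{i:03d}"}
    for i in range(6)
] + [
    {"time": "2025-03-01T02:01:00Z", "actor": "helpdesk@corp.example",
     "activity": "Retire ManagedDevice", "device": "PHONE-042"},
    {"time": "2025-03-01T02:02:00Z", "actor": "helpdesk@corp.example",
     "activity": "Patch ManagedDevice", "device": "WS-007"},
]

# Actions that remove a device or its data; many of these within minutes is the signal.
WIPE_ACTIVITIES = {"Wipe ManagedDevice", "Retire ManagedDevice", "Delete ManagedDevice"}


def parse_time(stamp):
    """Parse the UTC timestamp format used in the sample events."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def find_wipe_bursts(events, window_seconds=600, threshold=5):
    """Return {actor: peak_count} for each actor that issued at least `threshold`
    wipe-class actions inside any `window_seconds` interval (sliding window)."""
    window = timedelta(seconds=window_seconds)
    by_actor = defaultdict(list)
    for event in events:
        if event["activity"] in WIPE_ACTIVITIES:
            by_actor[event["actor"]].append(parse_time(event["time"]))

    alerts = {}
    for actor, times in by_actor.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            count = end - start + 1
            if count >= threshold:  # a single helpdesk retire never reaches this
                alerts[actor] = max(alerts.get(actor, 0), count)
    return alerts


if __name__ == "__main__":
    for actor, count in find_wipe_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT: {actor} issued {count} wipe-class actions within 10 minutes")
```

In a real deployment the threshold should sit just above the largest legitimate bulk retire the organisation performs, and the alert should be correlated with sign-in logs for the same actor, since AitM credential theft leaves the session looking authenticated.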
