Microsoft MFA flaw exposes accounts to silent brute-force attacks
Microsoft MFA Vulnerability, IT Hardware Tariffs, New CIOs in Healthcare and Utilities


Welcome to this week's edition of CIOsurge!
This week:
A flaw in Microsoft's MFA allowed silent brute-force attacks, highlighting the need for proactive authentication reviews.
Proposed IT hardware tariffs could increase costs significantly, prompting CIOs to strategize with vendors.
New CIO appointments at Intermountain Health and SJW Group signal leadership focus on digital transformation and customer-centric technology.
Let's make this week a game-changer.
Stay sharp. Stay ahead.
Microsoft MFA flaw exposes accounts to silent brute-force attacks
Researchers have discovered AuthQuake, a critical flaw in Microsoft's MFA implementation that bypassed its protections by allowing unlimited brute-force attempts without alerting the user. By exploiting an extended validation window for six-digit codes, attackers could enumerate every possible code without detection. Microsoft addressed the issue in October 2024 by enforcing stricter rate limits.
For IT professionals, this vulnerability underscores the critical need to scrutinize even widely trusted security measures like MFA. It's not enough to implement advanced defenses; their configurations must be continually assessed for potential gaps. MFA has proven to be a powerful tool, but this incident highlights how a single misstep, such as inadequate rate limiting, can undermine its effectiveness.
CIOs and IT leaders must evaluate their own MFA setups and enforce strict policies around rate limits, user alerts, and monitoring failed login attempts. This serves as a call to action: bolster your organization's authentication frameworks with frequent audits and adopt a proactive stance in mitigating new threats as they emerge. - Zack Tembi
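One way to combine the rate limits, user alerts and failed-attempt monitoring recommended above, as an added example (not Microsoft's fix and not code from this newsletter). The class name, thresholds, account and codes are assumptions constructed for illustration; the counter is keyed on the account so that starting a new session does not reset it.

```python
import hmac
import time
from collections import defaultdict, deque

# Assumed policy values for illustration; tune to your own risk appetite.
MAX_FAILURES = 5        # wrong codes tolerated per account inside the window
WINDOW_SECONDS = 300    # sliding window for counting failures
LOCKOUT_SECONDS = 900   # how long MFA verification is refused after the limit


class MfaThrottle:
    """Counts failed codes per account, not per session, and alerts on each."""

    def __init__(self, alert, clock=time.monotonic):
        self.alert = alert                  # callback: (account, session, kind)
        self.clock = clock
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.locked_until = {}              # account -> unlock time

    def verify(self, account, session_id, submitted, expected):
        now = self.clock()
        if now < self.locked_until.get(account, float("-inf")):
            return "locked"                 # code is not evaluated while locked
        if hmac.compare_digest(submitted, expected):
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        self.alert(account, session_id, "mfa_failed")
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()
            self.alert(account, session_id, "mfa_locked")
            return "locked"
        return "failed"


def simulate_guessing():
    """Constructed scenario: eight wrong codes, each from a fresh session."""
    events, now = [], [0.0]
    throttle = MfaThrottle(lambda *e: events.append(e), clock=lambda: now[0])
    results = []
    for i in range(8):
        results.append(throttle.verify("alice@example.test", f"sess-{i}",
                                       f"{i:06d}", "493817"))
        now[0] += 1.0
    return results, events
```

In production the `alert` callback would feed both the user notification channel and the SOC's failed-login monitoring, so a burst of `mfa_failed` events is visible even before the lockout triggers.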
Preparing for Trump's proposed tariffs on IT hardware
President-elect Trump's proposed tariffs could dramatically increase costs for IT hardware, with potential spikes of 45% for laptops and 25% for smartphones. With sourcing workarounds limited, CIOs must strategize with vendors to mitigate impacts on procurement, supply chains, and pricing ahead of potential policy changes.
With tariffs likely to impact hardware costs, this is a key moment for CIOs to review supply chain dependencies and vendor agreements. Proactive steps, such as securing pricing commitments or preordering critical equipment, can help mitigate risks associated with potential cost increases.
Additionally, potential changes to visa and immigration policies could influence IT staffing. CIOs should work with vendors and HR teams to ensure operational continuity in areas reliant on H-1B visa holders. Preparing for these shifts will support long-term resilience in both procurement and workforce strategies. - Zack Tembi
CIO Spotlights
Ryan Smith returns as CDIO at Intermountain Health
Ryan Smith has been named Chief Digital and Information Officer at Intermountain Health, beginning his role in early 2025.
Smith, a healthcare tech veteran, previously held executive roles at Banner Health, Health Catalyst, and Graphite Health.
He will oversee Intermountain's Digital Technology Services, focusing on simplifying and improving healthcare experiences for patients and caregivers.
Douwe Busschops joins SJW Group as CIO to lead tech transformation
Douwe Busschops, formerly CIO at Veolia North America, steps into the CIO role at SJW Group to drive digital transformation.
His focus includes optimizing technology systems for better customer experiences and operational efficiency.
Busschops brings extensive expertise in cloud migration, governance, and customer-centric tech strategies.