
Unveiling Least Privilege Vulnerabilities with Stryker: How Veza Access Platform Empowers Security Teams to Prevent Device Wipe Breaches Related To Microsoft AD and Intune environments

Blog post from Veza

Post Details
Author: Adam Johnson & Jason Taylor
Word Count: 824
Language: English
Summary

Stryker, a prominent medical technology company, experienced a severe cyberattack by the pro-Iranian hacker group Handala, which claimed to have erased data from over 200,000 devices and extracted 50 terabytes of sensitive information, causing global disruptions across the company's operations. The hackers exploited Stryker’s administrative access in Microsoft 365, Entra ID, and Intune to conduct remote wipes, highlighting significant vulnerabilities in identity and access management (IAM) practices, particularly regarding overly permissive roles and weak authentication controls. The incident underscores the rising threat of "living-off-the-land" attacks, where attackers leverage existing software tools for malicious purposes. Veza, a security platform, offers a solution by providing visibility into permissions and access paths across cloud environments, enabling organizations to identify and mitigate vulnerabilities before they are exploited. In response to the Stryker breach, Veza developed a specialized dashboard that detects vulnerabilities related to device wipe capabilities, helping security teams prevent unauthorized actions by monitoring and adjusting access privileges. The tool emphasizes the importance of robust multi-factor authentication and the implementation of least-privilege principles to reduce the risk of similar attacks.