Security vendor Dragos was targeted by hackers attempting to extort money

Posted on May 12, 2023 at 6:31 AM

Security vendor Dragos was recently targeted by a ransomware group that tried, unsuccessfully, to extort money from the company through a social engineering attack. The attack followed the compromise of the personal email account of one of the company’s employees.

Dragos targeted by a ransomware attack

The attack happened on May 8. The ransomware group behind it gained access to SharePoint and the contract management system at the company. The hackers obtained initial access by compromising the personal email address of a new sales employee before that employee had started working at Dragos.

The attacker used the new employee’s stolen personal details to impersonate them and complete the initial steps of the employee onboarding process at the company. However, Dragos was swift in its response, which prevented the hackers from deploying ransomware and conducting further exploits.

The company assured stakeholders that none of its systems were affected by the hack. However, the hackers’ activity persisted. After the initial intrusion and the failed attempt to deploy ransomware, the threat actor group pivoted to extorting Dragos, demanding payment to avoid public disclosure of the attempted hack.

The attackers sent many messages to executives at the company, threatening to reveal the incident to the public if they did not receive payment. The threats became personal, referencing the personal contacts and family members of people at the company. The group also sent emails to personal accounts belonging to senior employees at Dragos.

Dragos said that it did not respond to the criminals and managed to contain the breach. However, the company admitted that, because it did not pay a ransom, the data that was lost could end up being published online.

Dragos said that it chose to reveal this attack to “help de-stigmatize security events.” Security incidents have become increasingly common, and no firm is immune from them. Attackers have shifted towards sophisticated strategies and advanced tools, which has left many companies exposed.

However, in the case of Dragos, the company responded swiftly to the hackers, which kept the damage minimal. This is not always the case for companies targeted by these hacks, which can result in far greater damage.

This incident will help drive awareness about cyberattacks and how the hackers behind them are now targeting the hiring process to obtain initial access. There are also instances when companies hire fake employees whose only role is to steal from and scam employers. Some fake employees are also created by hackers to collect paychecks, while some job seekers are scammed as they seek employment.

Companies should focus on response and internal mitigation during hacks

Dragos is currently investigating the breach. However, the company said that it managed to prevent an even larger attack because of its prompt response and a robust security system. The company said that its response and mitigation could be used as a blueprint by others.

The company investigated the alerts on its corporate security information and event management (SIEM) system, blocked the compromised account, and activated an incident response retainer. It also put a third-party MDR provider in charge of the incident-response efforts.

The company also said that it had taken steps to ensure similar attacks do not happen in the future. Dragos has added a new verification step to make the new-employee onboarding process more robust, so that the technique used by the hackers cannot be repeated.

Dragos has also provided some recommendations to other organizations that might be targeted by similar attacks in the future. The company has called for robust identity and access management infrastructure and processes. It has also called for separation of duties across the sector to guarantee that no single person has full access to the environment.

Organizations have also been advised to apply the principle of least privilege to all systems and services and to implement multifactor authentication when needed. The company has also called for explicit blocks on bad IP addresses and for monitoring incoming emails for signs of phishing in the spelling, URL, and email address.

Organizations should also ensure that they continue to monitor their security and have tested incident response playbooks to use if an attack happens.
