Cybersecurity Company Dragos Suffers Breach

Friday, 12 May 2023

Billion-dollar cybersecurity company Dragos is itself the victim of a cybersecurity incident this week, with hackers managing to gain access to the company's SharePoint and contract management system. "On May 8, 2023, a known cybercriminal group attempted and failed at an extortion scheme against Dragos. No Dragos systems were breached, including anything related to the Dragos Platform," the company said.

"The criminal group gained access by compromising the personal email address of a new sales employee prior to their start date, and subsequently used their personal information to impersonate the Dragos employee and accomplish initial steps in the employee onboarding process."

While posing as the new hire, the attackers managed to download 25 Dragos intel reports that were typically reserved for customers. The hackers also attempted, though failed, to access Dragos messaging, help desk, employee, marketing, and financial systems over the course of 16 hours. The requests were denied due to robust role-based access control (RBAC) rules.

Dragos Timeline

Despite failing to breach Dragos internal networks, the hackers sent out an extortion email to Dragos executives 11 hours into their attack. The message was sent outside of business hours, so it took Dragos staff a few hours to respond. Upon reading the email, Dragos staff disabled the compromised user account, revoked its active sessions, and blocked the attackers' IP addresses from accessing any Dragos resources.

"We are confident that our layered security controls prevented the threat actor from accomplishing what we believe to be their primary objective of launching ransomware," Dragos said. "They were also prevented from accomplishing lateral movement, escalating privileges, establishing persistent access, or making any changes to the infrastructure."

"While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation. The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable," the company said.

