A cybercrime group that managed to compromise the cloud-based resources of a cybersecurity vendor tried to extort the company by threatening family members, the company has revealed.
Operational technology (OT) security specialist Dragos said it was hit on May 8 after threat actors compromised the email account of a new sales employee prior to their start date.
They subsequently used the employee's personal information to impersonate them and complete some basic onboarding, according to the vendor's report on the incident. This got them as far as access to the company SharePoint account and contract management system, but no further.
However, after failing to deploy a ransomware payload or steal more sensitive information, the group apparently resorted to trying to extort Dragos executives to avoid public disclosure.
Although no Dragos contact responded, the group repeatedly tried to increase the pressure, contacting several publicly known Dragos employees and trying to use knowledge of family members to force a response.
"The cyber-criminals' texts demonstrated research into family details as they knew names of family members of Dragos executives, which is a known TTP. However, they referenced fictitious email addresses for these family members," the report noted.
"In addition, during this time, the cyber-criminals contacted senior Dragos employees via personal email. Our decision was that the best response was not to engage with the criminals."
Dragos co-founder and CEO, Robert Lee, shared more details via Twitter.
"The criminals clearly grew frustrated because we never tried to contact them," he tweeted. "Paying was never an option. They continued to call me, threaten my family, and the family of many of our employees by their names."
In the end, the vendor's multi-layered security approach appears to have prevented a more serious compromise.
The threat actors could not access the Dragos messaging system because it required admin approval, and they were unable to compromise the IT helpdesk, customer support information, the employee recognition system, sales leads and more, thanks to role-based access controls.
Once the intruders were identified via the vendor's security information and event management (SIEM) tool, Dragos blocked the compromised account and activated third-party incident response and managed detection and response (MDR). Security controls prevented any lateral movement, privilege escalation, persistent access or changes to the firm's infrastructure, Dragos said.
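The report does not describe how the SIEM surfaced the activity. As an added illustration (this is not Dragos's detection logic or code), the following Python sketch shows one correlation a detection engineer would build for exactly this scenario: join sign-in events against the HR roster so that any activity on an account before its start date raises an alert, list the accounts to disable, and separately record which requests were already denied by access controls (such as the admin-approval gate on messaging). The log shape, field names, roster entries and sample log lines are all constructed assumptions, not data from the incident.

```python
"""Pre-start-date account activity detection (added example, not vendor code).

Assumptions (not from the report): sign-in logs arrive as one JSON object per
line with the fields ts, user, app, result and ip; the HR roster maps an
account to its start date.
"""
from dataclasses import dataclass
from datetime import date, datetime
import json

# Constructed HR roster: account -> first working day (assumed field shape).
HR_ROSTER = {
    "new.hire@example.com": date(2023, 5, 15),
    "veteran@example.com": date(2019, 2, 1),
}

# Constructed sample log lines; the format is invented for this example.
SAMPLE_LOGS = """\
{"ts": "2023-05-08T03:12:44Z", "user": "new.hire@example.com", "app": "SharePoint", "result": "success", "ip": "203.0.113.7"}
{"ts": "2023-05-08T03:15:02Z", "user": "new.hire@example.com", "app": "ContractMgmt", "result": "success", "ip": "203.0.113.7"}
{"ts": "2023-05-08T09:01:10Z", "user": "veteran@example.com", "app": "SharePoint", "result": "success", "ip": "198.51.100.4"}
{"ts": "2023-05-08T03:20:31Z", "user": "new.hire@example.com", "app": "Messaging", "result": "denied_pending_admin_approval", "ip": "203.0.113.7"}
"""


@dataclass(frozen=True)
class Alert:
    user: str
    ts: str
    app: str
    reason: str


def parse_logs(text):
    """Parse JSON-per-line sign-in events; adds a parsed UTC datetime as ts_dt."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts_dt"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def detect_prestart_activity(events, roster):
    """Alert on any event by an account that is unknown to HR or not yet started.

    A failed or denied request still counts: the attacker is already holding
    the credential, so the denial is evidence, not reassurance.
    """
    alerts = []
    for ev in events:
        start = roster.get(ev["user"])
        if start is None:
            alerts.append(Alert(ev["user"], ev["ts"], ev["app"],
                                "account not in HR roster"))
            continue
        event_day = ev["ts_dt"].date()
        if event_day < start:
            days = (start - event_day).days
            alerts.append(Alert(ev["user"], ev["ts"], ev["app"],
                                f"activity {days} days before HR start date {start.isoformat()}"))
    return alerts


def accounts_to_disable(alerts):
    """Unique accounts referenced by alerts, in the order a responder would block them."""
    return sorted({a.user for a in alerts})


def denied_by_controls(events):
    """(user, app) pairs where an access control (e.g. admin approval) already refused the request."""
    return [(ev["user"], ev["app"]) for ev in events if ev["result"] != "success"]


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for a in detect_prestart_activity(evs, HR_ROSTER):
        print(f"ALERT {a.ts} {a.user} -> {a.app}: {a.reason}")
    print("disable:", accounts_to_disable(detect_prestart_activity(evs, HR_ROSTER)))
    print("denied by controls:", denied_by_controls(evs))
```

The point of the join is that the roster, not the identity provider, is the source of truth for "should this person be signing in yet"; an account that exists because onboarding was pre-provisioned is exactly the one that should generate no authentication events until the start date.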
Unfortunately, not all ransomware victims have a similar experience. Sophos claimed in a report yesterday that 66% of organizations fell victim to ransomware in 2022, and 76% of those had data encrypted.