A cybercrime group that compromised the cloud-based systems of a cybersecurity vendor tried to extort the firm by threatening family members, the organization has revealed.
Operational technology (OT) security specialist Dragos said it was attacked on May 8 after threat actors compromised the email account of a new sales employee prior to their start date.
They then used the employee's personal information to impersonate them and complete some initial onboarding steps, according to the vendor's report on the incident. This got them as far as access to the company SharePoint account and contract management system, but no further.
However, after failing to deploy a ransomware payload or steal more sensitive data, the group apparently resorted to trying to extort Dragos executives to avoid public disclosure.
While no Dragos contact responded, the group repeatedly tried to increase the pressure, contacting several publicly known Dragos employees and attempting to use knowledge of family members to force a response.
“The cyber-criminals’ texts demonstrated research into family details as they knew names of family members of Dragos executives, which is a known TTP. However, they referenced fictitious email addresses for these family members,” the report noted.
“In addition, during this time, the cyber-criminals contacted senior Dragos employees via personal email. Our decision was that the best response was to not engage with the criminals.”
Dragos co-founder and CEO, Robert Lee, shared more details via Twitter.
“The criminals clearly grew frustrated because we never tried to contact them,” he tweeted. “Paying was never an option. They continued to contact me, threaten my family, and the families of several of our employees by their names.”
Ultimately, the vendor's layered security approach appears to have prevented a more serious compromise.
The threat actors could not access the Dragos messaging system because it required admin approval, and they were unable to compromise the IT helpdesk, customer support data, the employee recognition system, sales leads and more, thanks to role-based access controls.
Once the attackers were identified via the vendor's security information and event management (SIEM) tool, it blocked the compromised account and activated third-party incident response and MDR. Security controls prevented any lateral movement, privilege escalation, persistent access or changes to the firm's infrastructure, Dragos said.
However, not all ransomware victims have a similar experience. Sophos said in a report yesterday that 66% of organizations fell victim to ransomware in 2022, and a huge 76% of them had data encrypted.
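The pattern described above, a new hire's account being used before the person has started, is one a SIEM can flag directly. The following is an added example, not Dragos's own tooling: it joins a constructed HR roster (start dates) against constructed authentication log lines in a hypothetical format and reports successful sign-ins that predate the account owner's start date.

```python
"""Flag successful sign-ins by new-hire accounts before their HR start date.

Added example with constructed data; the log format, roster and dates are
hypothetical and not taken from the incident report.
"""
from datetime import date, datetime

# Constructed HR roster: username -> first day of employment.
HR_ROSTER = {
    "new.hire": date(2023, 5, 10),
    "j.doe": date(2021, 1, 4),
}

# Constructed auth log lines: "<ISO timestamp> <user> <result> <resource>".
AUTH_LOG = """\
2023-05-08T09:12:44 new.hire SUCCESS mail
2023-05-08T09:40:03 new.hire SUCCESS sharepoint
2023-05-08T10:02:17 new.hire DENIED messaging-admin-approval
2023-05-08T11:15:00 j.doe SUCCESS sharepoint
"""


def parse_line(line):
    """Split one log line into (timestamp, user, result, resource)."""
    ts, user, result, resource = line.split()
    return datetime.fromisoformat(ts), user, result, resource


def find_pre_start_signins(log_text, roster):
    """Return (user, iso_timestamp, resource) for every successful sign-in
    that happened before the user's start date in the roster.
    Users absent from the roster and non-SUCCESS results are skipped."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result, resource = parse_line(line)
        start = roster.get(user)
        if start is None or result != "SUCCESS":
            continue
        if ts.date() < start:
            hits.append((user, ts.isoformat(), resource))
    return hits


if __name__ == "__main__":
    for hit in find_pre_start_signins(AUTH_LOG, HR_ROSTER):
        print("pre-start sign-in:", hit)
```

Each hit is an investigation trigger rather than proof of compromise; a legitimate early login would be confirmed with HR and the hiring manager before the account is blocked.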
Some parts of this article are sourced from:
www.infosecurity-journal.com