Breached Barriers: Dragos Cybersecurity Firm’s Battle Against Extortion


Dragos, an industrial cybersecurity company, recently disclosed a significant cybersecurity incident. The company reported confronting a determined cybercrime gang that aimed to breach its defenses and gain unauthorized access to its internal network, with the intention of encrypting various devices within the system.

According to Dragos, the threat actors failed to breach the company’s network or compromise its cybersecurity platform. However, they did manage to gain entry into Dragos’ SharePoint cloud service and contract management system.

In a company statement, Dragos confirmed that on May 8, 2023, a well-known cybercriminal group attempted an extortion scheme, which ultimately proved unsuccessful. It is important to note that none of Dragos’ systems, including those associated with the Dragos Platform, were compromised in any way.

The criminal group successfully gained entry by compromising the personal email address of a newly hired sales employee even before their official start date. They exploited the employee’s personal information and assumed the individual’s identity to carry out initial steps in the employee onboarding process on behalf of Dragos.

After breaching Dragos’ SharePoint cloud platform, the attackers proceeded to actively download “general use data” and accessed 25 intelligence reports that were typically reserved for customers only.

Despite having approximately 16 hours of access to the compromised employee account, the threat actors failed to breach multiple Dragos systems. These systems include the messaging system, IT helpdesk, financial systems, request for proposal (RFP) system, employee recognition system, and marketing systems. Role-based access control (RBAC) rules are credited with preventing access to these systems.

After their failed attempt to breach the company’s internal network, the cybercriminals promptly sent an extortion email to Dragos executives around 11 hours into the attack. However, because the email was sent outside of business hours, it remained unread for 5 hours.

Dragos expressed confidence in its layered security controls, affirming that these measures effectively thwarted the threat actor’s primary goal of launching ransomware. Additionally, the cybercriminals found themselves unable to perform lateral movement, escalate privileges, establish persistent access, or make any alterations to the infrastructure.

Apart from the extortion email, the cybercrime group also attempted to coerce the company by issuing threats to publicly disclose the incident. These threats were conveyed through messages sent to public contacts and personal email accounts belonging to Dragos executives, senior employees, and even their family members.
