A cybercrime group that compromised the cloud-based systems of a cybersecurity vendor tried to extort the business by threatening employees' spouses and children, the firm has revealed.
Operational technology (OT) security specialist Dragos said it was hit on May 8 after threat actors compromised the personal email account of a new sales employee prior to their start date.
They subsequently used the employee's personal details to impersonate them and complete some initial onboarding steps, according to the vendor's report on the incident. This got them as far as access to the corporate SharePoint account and the contract management system, but no further.
However, after failing to deploy a ransomware payload or steal more sensitive information, the group apparently resorted to trying to extort Dragos executives to prevent public disclosure.
Although no Dragos contact responded, the group repeatedly tried to ramp up the pressure, contacting multiple publicly known Dragos employees and attempting to use knowledge of family members to force a reaction.
“The cyber-criminals’ texts demonstrated research into family details as they knew names of family members of Dragos executives, which is a known TTP. However, they referenced fictitious email addresses for these family members,” the report noted.
“In addition, during this time, the cyber-criminals contacted senior Dragos employees via personal email. Our conclusion was that the best response was to not engage with the criminals.”
Dragos co-founder and CEO Robert Lee shared more details via Twitter.
“The criminals obviously grew frustrated because we never tried to contact them,” he tweeted. “Paying was never an option. They continued to contact me, threaten my family, and the family members of many of our employees by their names.”
In the end, the vendor's multi-layered security strategy appears to have prevented a more serious compromise.
The threat actors could not access the Dragos messaging system because it required admin approval, and they were unable to compromise the IT helpdesk, customer support data, the employee recognition system, sales leads and more, thanks to role-based access controls.
Once the hackers were identified via the vendor's security information and event management (SIEM) tool, it blocked the compromised account and activated third-party incident response and MDR. Security controls prevented any malicious actor lateral movement, privilege escalation, persistent access or changes to the firm's infrastructure, Dragos said.
However, not all ransomware victims have a similar experience. Sophos said in a report yesterday that 66% of organizations fell victim to ransomware in 2022, and a massive 76% of them had data encrypted.