Hackers have attempted to infiltrate the network of Dragos, a cyber security firm based in the US.
According to the firm, the unnamed but reportedly “known” criminal group tried to access its internal network in order to encrypt devices as part of a ransomware attack. The threat group was unsuccessful in breaching the company’s cyber security platform or internal network.
“On May 8, 2023, a known cyber criminal group attempted and failed at an extortion scheme against Dragos,” the company said in a statement.
“No Dragos systems were breached, including anything related to the Dragos Platform.”
However, Dragos revealed that the threat group did gain access to its SharePoint cloud service and contract management system by obtaining the personal credentials of a new employee before their start date.
This allowed them to “impersonate the Dragos employee and accomplish initial steps in the employee onboarding process”.
Dragos said that this allowed the threat actor to access the resources available to the user in SharePoint and the Dragos contract management system.
As a result, while the group’s main objective of deploying ransomware was thwarted, the hackers began sending Dragos executives direct messages, alluding to having researched personal information such as family member details.
In addition, senior executives were contacted via personal emails. Dragos chief executive and founder Robert M. Lee said that the techniques used by criminals in the messages sent to executives are proof that the criminals were not getting what they wanted and were getting frustrated.
The criminals obviously grew frustrated because we never attempted to contact them. Paying was never an option. They continued to call me, threaten my family, and the family of many of our employees by their names. We hope sharing this can help other organizations prepare.
— Robert M. Lee (@RobertMLee) May 10, 2023
Dragos decided that “the best response was to not engage with the criminals”, and it has taken a stance against paying cyber criminals the ransom fees they requested.
“While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation,” continued Dragos.
“The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable.
“However, it is our hope that highlighting the methods of the adversary will help others consider additional defenses against these approaches so that they do not become a victim to similar efforts.”
Dragos has said that it is taking a number of steps to prevent similar incidents in the future, including adding verification steps to its onboarding process.
It has also said that it will look to expand the use of multi-step access approval, a technique that was responsible for blocking other access attempts.