Cybersecurity firm Dragos has recently disclosed that it was the target of a ransomware attack that was fortunately prevented from causing any major harm. The attack was carried out by a threat actor who gained access to Dragos’ system through a previously compromised email account belonging to a newly employed member of staff. They used this access to impersonate the new employee and access resources typically used by new sales employees, such as SharePoint and the Dragos contact management system.
While the attackers were prevented from accomplishing what the company believes was their primary objective, launching ransomware, they reached out to Dragos executives via WhatsApp to threaten the release of sensitive data to the dark web. As the company did not pay the ransom, the attackers resorted to mentioning family members, as well as reaching out to other Dragos contacts in an attempt to trigger a response.
Dragos stated that the investigation into the incident is still ongoing and highlighted the adversary's methods in the hope that this will help others consider additional defenses against these approaches. The company is confident that its layered security controls prevented the threat actor from doing any significant damage.
The attack on Dragos highlights the risk of ransomware attacks and the importance of cybersecurity measures to mitigate these risks. Companies must remain vigilant against cyber threats and ensure that their employees receive proper training on cybersecurity practices. Additionally, companies must maintain strong access controls and monitor their systems for suspicious activity, ensuring that they have layered security controls in place to prevent attacks from succeeding.