Cybersecurity is one of the things we need to take seriously in this digital era, so it is concerning to hear that a cybersecurity firm has been breached. Recently Dragos, an industrial cybersecurity company, disclosed that it was hit by a cyberattack but managed to contain the damage.
The attack aimed to get past Dragos' defenses, infiltrate the internal network and encrypt devices. However, the perpetrators failed to reach Dragos' internal network or its platform, and they did not manage to deploy ransomware.
I. Introduction
Brief overview of the cybersecurity incident involving Dragos
Industrial cybersecurity company Dragos was the target of an attempted breach by a known cybercrime group. Despite gaining access to the company's cloud service and contract management system, the group failed to breach its internal systems.
The group downloaded general-use data and 25 intel reports before sending an extortion email to executives. The company's layered security controls prevented any further infiltration. All active sessions were revoked, and the attacker's infrastructure was blocked from accessing company resources. The incident serves as a warning to other businesses and governments to prioritize proper infrastructure security. [1][2]
II. Background Information
Description of Dragos as an industrial cybersecurity company
Dragos is an industrial cybersecurity company dedicated to protecting critical infrastructure from cyber threats. Its team, which includes former NSA and Department of Defense personnel, provides threat detection, response and threat-hunting services.
Dragos also offers training and educational resources that help individuals and organizations understand and defend against cyberattacks. With its focus on industrial control systems (ICS) and on minimizing the impact of cyber incidents on physical processes, Dragos is a leading name in industrial cybersecurity. [3][4]
Details of the attempted breach and infiltration of the internal network by a known cybercrime gang
A cybercrime group attempted to breach the Dragos cybersecurity platform and infiltrate its internal network. Although the attackers gained access to the company's SharePoint cloud service and contract management system, they failed to reach Dragos' messaging, IT helpdesk, financial request for proposal (RFP), employee recognition and marketing systems because of role-based access control (RBAC) rules.
The attackers downloaded general-use data and accessed 25 intel reports, but their attempt to deploy ransomware failed. Within about 16 hours, Dragos had responded to the cybercriminals' extortion email and cut off their access, ending the attempt before they could go any further. [5][6]
III. Attack Outcomes
Failed attempt by the cybercrime group to breach Dragos systems
The known cybercrime group attempted and failed to breach Dragos' systems during its extortion scheme against the company. Though it gained access to the SharePoint cloud service and contract management system, it was denied access to the messaging, IT helpdesk, financial request for proposal (RFP), employee recognition and marketing systems by role-based access control rules.
Despite sending an extortion email to Dragos executives, the threat actors did not breach the company's internal network or platform, and no ransomware was deployed. [7][8]
Access to the SharePoint cloud service and contract management system
During the failed extortion attempt, the cybercriminal group gained access to Dragos' SharePoint cloud service and contract management system. From there, they downloaded general-use data and 25 intel reports that are normally available only to customers. However, role-based access control (RBAC) rules kept them out of multiple other Dragos systems, including messaging, IT helpdesk, financial request for proposal (RFP), employee recognition and marketing systems. This highlights the value of RBAC rules that limit each account to the systems its role actually needs, so that one compromised account cannot reach everything. [9][10]
Download of general use data and 25 intel reports
During the attempted breach of cybersecurity company Dragos, the threat actors downloaded general-use data and gained access to 25 intel reports normally available only to paying customers. The data was taken from Dragos' SharePoint cloud platform, but the company's role-based access control (RBAC) rules prevented the cybercriminals from reaching multiple other systems, including messaging, IT helpdesk, financial request for proposal (RFP), employee recognition and marketing systems.
Despite the data theft, Dragos is confident that its layered security controls prevented the threat actor from achieving its primary objective, deploying ransomware. [11][12]
Access denial to messaging, IT helpdesk, financial request for proposal (RFP), employee recognition and marketing systems
The cybercrime group that tried to breach cybersecurity firm Dragos failed to access several systems, including messaging, IT helpdesk, financial request for proposal (RFP), employee recognition and marketing systems, because of role-based access control (RBAC) rules. This denied them the opportunity to escalate privileges, change the infrastructure or establish persistent access. The incident highlights the importance of RBAC rules and other security controls in protecting critical systems and data. [13][14]
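The following Python sketch is an added illustration, not code from Dragos or from the original write-up. It shows the two things the paragraphs above rely on: a deny-by-default RBAC check, and a "blast radius" query that lists which systems an attacker holding a given account's credentials could reach. The roles, grants and account names are constructed to mirror the systems named in the incident description; Dragos' real configuration is not public.

```python
"""Deny-by-default RBAC plus a blast-radius query for a compromised account.

Added example. SYSTEMS uses the names from the incident write-up; the roles and
grants are constructed for illustration and do not reflect any real tenant.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import FrozenSet

# Systems mentioned in the incident description (constructed labels).
SYSTEMS = frozenset({
    "sharepoint", "contract_management", "messaging", "it_helpdesk",
    "financial_rfp", "employee_recognition", "marketing",
})

# Role -> set of (system, action) grants. Anything not listed is denied.
GRANTS: dict[str, set[tuple[str, str]]] = {
    "new_hire": {("sharepoint", "read"), ("contract_management", "read")},
    "sales": {
        ("sharepoint", "read"), ("sharepoint", "write"),
        ("contract_management", "read"), ("contract_management", "write"),
        ("messaging", "read"), ("messaging", "write"),
    },
    "it_admin": {("it_helpdesk", "read"), ("it_helpdesk", "write"),
                 ("messaging", "read")},
    "finance": {("financial_rfp", "read"), ("financial_rfp", "write")},
}


@dataclass(frozen=True)
class Principal:
    name: str
    roles: FrozenSet[str]
    enabled: bool = True


def is_allowed(p: Principal, system: str, action: str) -> bool:
    """Fail closed: a disabled account, an unknown system, an unknown role or
    an unlisted (system, action) pair all result in denial."""
    if not p.enabled or system not in SYSTEMS:
        return False
    return any((system, action) in GRANTS.get(role, set()) for role in p.roles)


def blast_radius(p: Principal) -> dict[str, set[str]]:
    """Systems and actions reachable with this principal's credentials.

    The same query serves least-privilege review before an incident and
    scoping (what could the attacker have touched?) during one."""
    reach: dict[str, set[str]] = {}
    for role in p.roles:
        for system, action in GRANTS.get(role, set()):
            if is_allowed(p, system, action):
                reach.setdefault(system, set()).add(action)
    return reach


def denied_systems(p: Principal) -> set[str]:
    """Systems the principal cannot touch at all."""
    return set(SYSTEMS) - set(blast_radius(p))


if __name__ == "__main__":
    # Constructed scenario: the compromised account only holds the new-hire role.
    compromised = Principal("new.hire@example.com", frozenset({"new_hire"}))
    print("reachable:", blast_radius(compromised))
    print("denied:   ", sorted(denied_systems(compromised)))
```

The point of `blast_radius` is that RBAC is only as useful as the review behind it: if the compromised role had also carried `it_admin`, the helpdesk would have been in reach and the write-up would have read very differently.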
Extortion attempt via email to Dragos executives
After failing to breach Dragos' internal network, the cybercrime group attempted to extort the company by emailing Dragos executives. The group threatened to disclose the incident publicly and sent messages via public contacts and to personal email addresses belonging to executives, senior employees and their family members. Dragos quickly disabled the compromised user account, revoked all active sessions and blocked the cybercriminals' infrastructure from accessing company resources. The incident highlights the need for businesses and governments to properly secure their infrastructure against cyber threats. [15][16]
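The three containment steps just described (disable the account, revoke every active session, block the attacker's infrastructure) are shown below as an added Python example with a constructed in-memory identity store. It is not Dragos' tooling; the users, timestamps and CIDR ranges are made up. The detail worth seeing is how "revoke all sessions" can be done with a per-user cutoff time, which also kills bearer tokens the server never stored, rather than by hunting down individual session IDs.

```python
"""Containment of a compromised account: disable it, revoke all sessions
issued before a cutoff, and block the attacker's source networks.

Added example with a constructed in-memory store. Not Dragos' tooling; the
accounts, times and networks below are invented (RFC 5737 documentation ranges).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Session:
    user: str
    issued_at: float      # epoch seconds when the session/token was minted
    source_ip: str


@dataclass
class IdentityStore:
    disabled: set[str] = field(default_factory=set)
    # Per-user cutoff: any session issued at or before it is dead. Validity is
    # decided by comparing the session's issue time with the cutoff, so even
    # stateless bearer tokens are revoked without a list of token IDs.
    not_before: dict[str, float] = field(default_factory=dict)
    blocked_nets: list = field(default_factory=list)   # ipaddress network objects

    def disable_account(self, user: str) -> None:
        self.disabled.add(user)

    def revoke_sessions(self, user: str, now: float) -> None:
        """Invalidate every existing session; sessions minted after `now` still work."""
        self.not_before[user] = max(now, self.not_before.get(user, float("-inf")))

    def block_networks(self, cidrs: list[str]) -> None:
        self.blocked_nets.extend(ipaddress.ip_network(c, strict=False) for c in cidrs)

    def contain(self, user: str, now: float, attacker_cidrs: list[str]) -> None:
        """The three steps from the write-up, applied together."""
        self.disable_account(user)
        self.revoke_sessions(user, now)
        self.block_networks(attacker_cidrs)

    def deny_reason(self, s: Session) -> Optional[str]:
        """None if the session may proceed, otherwise a short reason for the log.
        Ordered so the most specific cause is reported first."""
        if s.user in self.disabled:
            return "account_disabled"
        if s.issued_at <= self.not_before.get(s.user, float("-inf")):
            return "session_revoked"
        ip = ipaddress.ip_address(s.source_ip)
        if any(ip in net for net in self.blocked_nets):
            return "blocked_source"
        return None

    def is_valid(self, s: Session) -> bool:
        return self.deny_reason(s) is None


def demo() -> dict[str, Optional[str]]:
    """Constructed scenario: the attacker holds sessions for one compromised
    account from 203.0.113.0/24; a colleague's sessions are reset out of
    caution while that account stays enabled."""
    store = IdentityStore()
    t0 = 1_683_500_000.0          # attacker's session minted
    t_contain = t0 + 3600.0       # containment cutoff
    attacker_old = Session("compromised@example.com", t0, "203.0.113.7")
    attacker_new = Session("compromised@example.com", t_contain + 60, "198.51.100.9")
    colleague_old = Session("colleague@example.com", t0, "192.0.2.10")
    colleague_new = Session("colleague@example.com", t_contain + 60, "192.0.2.10")
    other_from_attacker_net = Session("other@example.com", t_contain + 60, "203.0.113.200")

    store.contain("compromised@example.com", t_contain, ["203.0.113.0/24"])
    store.revoke_sessions("colleague@example.com", t_contain)

    return {
        "attacker_old": store.deny_reason(attacker_old),
        "attacker_new": store.deny_reason(attacker_new),
        "colleague_old": store.deny_reason(colleague_old),
        "colleague_new": store.deny_reason(colleague_new),
        "other_from_attacker_net": store.deny_reason(other_from_attacker_net),
    }


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:26} {reason or 'allowed'}")
```

Note the ordering of the checks: a re-authentication by the disabled account is refused as `account_disabled` even from a clean IP, and a third party connecting from the blocked range is refused as `blocked_source` even though their own account is untouched.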
IV. Conclusion
Recap of the Dragos cybersecurity incident and its outcomes
In May 2023, a cybercrime group attempted to extort Dragos, an industrial cybersecurity company. While the group gained access to some resources, it was unable to breach the company's internal systems or deploy ransomware. Dragos responded by disabling the compromised user account, revoking its sessions and blocking the cybercriminals' infrastructure. The investigation is ongoing; although some data was taken, Dragos has shared the adversary's methods so that others can consider additional defenses against similar approaches. The incident is a reminder of the importance of securing infrastructure and enforcing multi-factor authentication to prevent further breaches. [17][18]
Call for businesses and governments to take note of these incidents and properly secure their infrastructure.
As breaches like the one attempted against Dragos become more common, it is essential for businesses and governments alike to take heed and properly secure their infrastructure. Multi-factor authentication, separation of duties and continuous security monitoring can go a long way toward preventing similar attacks. By implementing these measures, organizations protect not only themselves but also their customers and stakeholders, safeguarding sensitive information and preventing major disruptions. [19][20]