How Dragos Protected Its Systems from a Ransomware Attack
In today’s digital age, cybersecurity is of utmost importance. The increasing number of cyberattacks targeting businesses is a clear indication of the need for advanced security measures. Recently, cybersecurity firm Dragos was targeted by a threat actor who attempted to deploy ransomware. However, the attempt was unsuccessful, and Dragos shared the details of the attack to help other businesses avoid falling prey to similar threats in the future.
Contents
The Attack
Dragos reported in a blog post that a threat actor had gained access to the company’s systems through a previously compromised email account belonging to a newly employed member of staff. The attacker used this access to impersonate the new employee and gain access to resources typically used by new sales employees, such as SharePoint and the Dragos contact management system. The attacker was also able to obtain a report with IP addresses associated with a customer, prompting Dragos to reach out to that customer immediately.
The company believes that it was able to spot the attacker on time and prevent them from causing any significant damage. According to Dragos, the attacker was unable to accomplish their primary objective of launching ransomware. The company’s layered security controls prevented the attacker from accomplishing lateral movement, escalating privileges, establishing persistent access, or making any changes to the infrastructure.
The Extortion Attempt
Despite being unable to launch ransomware, the attackers attempted to extort Dragos for the data they had taken. They contacted company executives via WhatsApp, threatening to release sensitive data to the dark web. The attackers went as far as mentioning family members and reaching out to other Dragos contacts to try and trigger a response.
Dragos refused to pay the extortion, and as a result, the attackers threatened to release the stolen data publicly. In the end, the attackers released some of the data, which the company considered “regrettable.” However, Dragos hoped that by highlighting the methods of the adversary, it could help other businesses consider additional defenses against similar attacks.
How Dragos Defended Against the Attack
Dragos credits its layered security controls for successfully defending against the attack. These controls prevented the attackers from carrying out their primary objective of launching ransomware and stopped them from escalating their privileges or establishing persistent access to the company’s infrastructure.
Dragos also quickly identified the attack and contained it by revoking the compromised email account, resetting passwords, and reviewing access logs. The company’s prompt response limited the attackers’ ability to move laterally and caused minimal disruption to the business.
Cybersecurity Lessons Learned: The Dragos Cyberattack
Cybersecurity is a critical issue for any organization, and the recent attack on Dragos highlights just how important it is to have strong security controls in place. This attack serves as a reminder that cyberattacks can happen to anyone, and even the most advanced security measures can be bypassed by determined attackers.
At Dragos, a cybersecurity firm that specializes in industrial control systems (ICS) security, the attackers gained access to the company’s systems through a previously compromised email account belonging to a newly employed member of staff. They then used this access to impersonate the new employee and access resources typically used by new sales employees, including SharePoint and the Dragos contact management system.
Despite the attackers’ efforts, Dragos was able to detect the intrusion and prevent any major damage from occurring. However, the attackers did manage to steal some data and attempted to extort the company for its safe return. Dragos chose not to pay the ransom and instead shared the details of the attack with the public in hopes of helping other organizations avoid a similar fate.
What Can We Learn from the Dragos Cyberattack?
The Dragos cyberattack serves as a stark reminder of the importance of cybersecurity. No organization is immune to the threat of cyberattacks, and even the most advanced security measures can be bypassed by determined attackers.
Here are some key takeaways from the Dragos cyberattack:
1. Always Be Vigilant
One of the most important lessons we can learn from the Dragos cyberattack is the importance of remaining vigilant at all times. Cyberattacks can happen at any time, and attackers are constantly looking for new ways to bypass security measures. It is essential to have a comprehensive security plan in place and to remain vigilant and proactive in monitoring for potential threats.
2. Implement Strong Access Controls
Another key lesson from the Dragos cyberattack is the importance of strong access controls. Access controls are the mechanisms that control who can access sensitive information and resources within an organization. By implementing strong access controls, organizations can reduce the risk of unauthorized access to their systems and data.
3. Educate Employees About Cybersecurity
Employees are often the weakest link in an organization’s security chain, and as such, it is essential to educate employees about cybersecurity best practices. This includes teaching them how to identify potential threats, how to report suspicious activity, and how to use security tools effectively.
4. Have a Comprehensive Incident Response Plan
In the event of a cyberattack, having a comprehensive incident response plan is essential. This plan should outline the steps to be taken in the event of a breach, including who to contact, how to contain the attack, and how to restore systems and data.
5. Regularly Update and Test Security Measures
Finally, it is essential to regularly update and test security measures to ensure that they are effective and up-to-date. This includes conducting regular vulnerability assessments, penetration testing, and security audits to identify and address any weaknesses in your organization’s security posture.
The cyberattack on Dragos serves as a powerful reminder of the importance of cybersecurity and the need for organizations to remain vigilant in the face of ever-evolving threats. By implementing strong access controls, educating employees, and having a comprehensive incident response plan, organizations can reduce the risk of cyberattacks and mitigate the damage in the event of a breach.
