Dragos, a cybersecurity firm located in Maryland, recently disclosed that they successfully blocked an extortion attempt against their company. No systems were breached, and the intruders’ access was limited to intelligence reports and a contract management system, which the company has said were both accessible to paying customers. The situation arose after the email account of a newly hired employee was compromised prior to their onboarding date. The hackers used the employee’s information to move through early steps in the onboarding process, leading to the group obtaining access to some systems.
As soon as Dragos detected the attempted attack, they took immediate action, identifying the IP address associated with a customer that had been accessed and blocking the intruders’ account. The investigation surrounding the incident is still ongoing. In their disclosure statement, Dragos emphasized the need for transparency and collaboration as cyberattacks continue to become increasingly sophisticated and intricate.
Dragos CISO Steve Applegate addressed the issue in an email, stating that organizations have been understandably concerned about reputational damage that can potentially stem from a cybersecurity event. However, he noted that withholding security information only hurts the broader community. “As cyberattacks grow in sophistication and number, there needs to be an attitudinal shift toward transparency and collaboration,” he said.
While Dragos was able to block the attack, this event once again highlights the need for all organizations to prioritize cybersecurity. Companies, particularly those in the cybersecurity industry, can still become victims of cyberattacks, and all entities should be taking actions to protect their networks, data, and employees.
Ryan Bell, Threat Intelligence Manager at Corvus Insurance, spoke to the increasing use of data theft for extortion. He notes that threat actors are becoming more adept at making use of stolen data, scanning the victim network to find and steal the most sensitive files, such as financials, PII, or other confidential data. Additionally, personal computers and accounts of employees are not off-limits to hackers, with attackers targeting employees’ digital lives even before they start their first day of work.
Stuart Wells, CTO of Jumio, spoke on the importance of identity verification and authentication in protecting businesses. This event serves as a reminder for companies across industries to make sure they are effectively verifying and authenticating users. Wells notes that “companies must be equipped to protect their data, and their customers’ data, which starts with a strong foundation of user verification and authentication.”
Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, praised Dragos for the company’s response. “This is one of the rare stories where you hear about a truly crafty social engineering attempt and a quick discovery, which led to minimal damage,” he said. Erich Kron, Security Awareness Advocate at KnowBe4, also gave credit to Dragos for implementing appropriate security protocols.
The failed extortion attempt on Dragos showcases the necessity of maintaining strong cybersecurity practices and the need for transparency and collaboration within the industry. As the number of cyberattacks continues to rise, all organizations must be vigilant in prioritizing and implementing effective cybersecurity measures.