Dragos Successfully Defends Itself Against a Ransomware Attack
The Attack
Dragos, a security company, faced a socially engineered ransomware attack when a ransomware group tried to extort money from the company. The attack occurred on May 8th. The attackers gained access to SharePoint and the Dragos contract management system by compromising the personal email address of a new sales employee before that employee's start date, then impersonated the employee, using personal information taken in that compromise, to complete the initial steps of the company's employee onboarding process. Dragos responded swiftly and stopped the group before it could deploy ransomware or carry out any further activity such as lateral movement, privilege escalation, or establishing persistent access.
The Response and Internal Mitigation
Dragos' layered security approach and swift reaction prevented a more serious attack and offer a blueprint for other organizations to follow. The company investigated corporate security information and event management (SIEM) alerts, blocked the compromised account, and activated its incident response retainer. It also engaged its third-party monitoring, detection, and response (MDR) provider to manage incident-response efforts. Verbose system activity logs let the company triage and quickly contain the security event. To prevent future attacks, the company has added a new verification step to strengthen the employee onboarding process and has expanded multi-step access approval to other critical systems.
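The response above turns on two things: activity logs detailed enough to reconstruct what a single account did, and an onboarding record that says whether a new hire should have had access at all. The following is an added example, not Dragos's own tooling. It assumes a JSON-lines audit log with the fields shown, an HR roster that carries each hire's start date and identity-verification status, and a constructed corporate egress range; it flags access by an account whose start date has not arrived or whose onboarding verification is incomplete, builds a per-account triage summary, and recommends blocking the account.

```python
"""Onboarding-anomaly triage over constructed audit-log lines.

Added example, not Dragos's tooling. Roster, network ranges and log
lines are all constructed for illustration."""
import json
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed HR roster: start date and whether the new onboarding
# identity-verification step has been completed (hypothetical data).
ROSTER = {
    "jdoe": {"start_date": "2023-05-15", "identity_verified": False},
    "asmith": {"start_date": "2023-01-09", "identity_verified": True},
}

# Constructed corporate egress range; anything else counts as external.
CORP_NETS = [ip_network("203.0.113.0/24")]

# Constructed audit log: one JSON object per line, oldest first.
SAMPLE_LOG = """\
{"ts":"2023-05-08T13:02:11Z","user":"jdoe","src_ip":"198.51.100.23","app":"sharepoint","action":"download","resource":"Sales/Onboarding.docx"}
{"ts":"2023-05-08T13:05:40Z","user":"jdoe","src_ip":"198.51.100.23","app":"contracts","action":"view","resource":"MSA-0042"}
{"ts":"2023-05-08T13:06:02Z","user":"asmith","src_ip":"203.0.113.7","app":"sharepoint","action":"view","resource":"Sales/Q2.xlsx"}
{"ts":"2023-05-08T13:09:55Z","user":"jdoe","src_ip":"198.51.100.23","app":"sharepoint","action":"share_external","resource":"Sales/Onboarding.docx"}
"""


def parse_log(text):
    """Parse JSON lines into event dicts with a timezone-aware timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return events


def is_corporate(ip):
    addr = ip_address(ip)
    return any(addr in net for net in CORP_NETS)


def evaluate(event, roster):
    """Return the reasons an event is anomalous (empty list if none)."""
    reasons = []
    hire = roster.get(event["user"])
    if hire is None:
        return ["unknown-account"]
    start = datetime.strptime(hire["start_date"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    if event["ts"] < start:
        reasons.append("access-before-start-date")
    if not hire["identity_verified"]:
        reasons.append("onboarding-verification-incomplete")
    if not is_corporate(event["src_ip"]):
        reasons.append("external-source-ip")
    if event["action"] == "share_external":
        reasons.append("external-share")
    return reasons


def triage(text, roster=ROSTER):
    """Group flagged events by account and recommend a containment action."""
    findings = {}
    for ev in parse_log(text):
        reasons = evaluate(ev, roster)
        if not reasons:
            continue
        acct = findings.setdefault(ev["user"], {"events": [], "apps": set(), "reasons": set()})
        acct["events"].append(ev)
        acct["apps"].add(ev["app"])
        acct["reasons"].update(reasons)

    report = {}
    for user, f in findings.items():
        # Identity problems justify an immediate block; other findings get a review.
        block = bool({"access-before-start-date", "onboarding-verification-incomplete"} & f["reasons"])
        report[user] = {
            "first_seen": f["events"][0]["ts"].isoformat(),
            "last_seen": f["events"][-1]["ts"].isoformat(),
            "apps": sorted(f["apps"]),
            "reasons": sorted(f["reasons"]),
            "action": "block-account" if block else "review",
        }
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

The start-date check is the cheap, high-signal rule here: an account that touches SharePoint or a contract system before its owner is supposed to exist in the building needs no further context before it is blocked, and the per-account summary gives the responder the list of applications to check for follow-on activity.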
Promoting Cyber Transparency
Dragos’ decision to publicly discuss the attack offers a lesson on how to defuse a security breach before it causes significant damage and aims to “de-stigmatize security events.” Security incidents have proven that no company, even ones that appear firmly locked down, is safe from attack, particularly with the current level of attackers’ sophistication when using social-engineering tactics.
Cyber-Resilience Advice for Other Organizations
To avoid similar attacks, Dragos recommends hardening identity and access management infrastructure and processes, implementing separation of duties, applying the principle of least privilege to all systems and services, and implementing multifactor authentication wherever possible. Other steps include applying explicit blocks for known bad IP addresses, scrutinizing incoming emails for typical phishing triggers, and monitoring security continuously.
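Two of the recommendations above, explicit blocks for known bad IP addresses and scrutiny of inbound mail for phishing triggers, can be expressed as a small mail gate. The following is an added example and not Dragos's control set; the internal domain, the blocked range, and the three sample messages are constructed, and the standard library `email` parser does the header work. A connection from a blocked range is rejected outright; otherwise the message is scored on authentication results, Reply-To mismatch, a display name that claims to be internal, a lookalike sender domain, and urgency language, and quarantined when two or more triggers fire.

```python
"""Inbound-mail gate: explicit IP blocks plus phishing-trigger scoring.

Added example, not Dragos's own tooling. Internal domain, block list and
sample messages are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

INTERNAL_DOMAIN = "example.com"                  # constructed
BLOCKED_NETS = [ip_network("198.51.100.0/24")]   # constructed "known bad" range
URGENCY = re.compile(r"\b(urgent|immediately|wire|gift card|password expires)\b", re.I)


def sending_ip(msg):
    """Connecting IP from the topmost Received header, if one is present."""
    for hdr in msg.get_all("Received") or []:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            return m.group(1)
    return None


def is_blocked(ip):
    return ip is not None and any(ip_address(ip) in net for net in BLOCKED_NETS)


def lookalike(a, b):
    """True when two domains differ by one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def phishing_triggers(msg):
    triggers = []
    auth = (msg.get("Authentication-Results") or "").lower()
    if "spf=fail" in auth or "spf=softfail" in auth:
        triggers.append("spf-fail")
    if "dkim=fail" in auth or "dkim=none" in auth:
        triggers.append("dkim-missing-or-failed")
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != from_domain:
        triggers.append("reply-to-domain-mismatch")
    # Display name names the internal domain but the address is external.
    if INTERNAL_DOMAIN in from_name.lower() and from_domain != INTERNAL_DOMAIN:
        triggers.append("display-name-spoofs-internal")
    if from_domain != INTERNAL_DOMAIN and lookalike(from_domain, INTERNAL_DOMAIN):
        triggers.append("lookalike-domain")
    body = msg.get_payload() if not msg.is_multipart() else ""
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        triggers.append("urgency-language")
    return triggers


def gate(raw):
    """Return (verdict, details) where verdict is 'block', 'quarantine' or 'deliver'."""
    msg = message_from_string(raw)
    ip = sending_ip(msg)
    if is_blocked(ip):
        return "block", {"ip": ip, "triggers": []}
    triggers = phishing_triggers(msg)
    return ("quarantine" if len(triggers) >= 2 else "deliver"), {"ip": ip, "triggers": triggers}


# Constructed samples (RFC 5737 / .invalid addresses only).
SAMPLE_PHISH = """\
Received: from mail.examp1e.com ([192.0.2.44]) by mx.example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none
From: "HR example.com" <onboarding@examp1e.com>
Reply-To: hr-desk@mailbox.invalid
To: newhire@example.com
Subject: Urgent: complete your onboarding today

Please send your government ID immediately to finish onboarding.
"""

SAMPLE_BLOCKED = """\
Received: from relay ([198.51.100.9]) by mx.example.com
From: someone@partner.invalid
To: sales@example.com
Subject: Hello

Hi.
"""

SAMPLE_CLEAN = """\
Received: from partner.invalid ([192.0.2.10]) by mx.example.com
Authentication-Results: mx.example.com; spf=pass; dkim=pass
From: alice@partner.invalid
To: sales@example.com
Subject: Meeting notes

Attached are the notes.
"""

if __name__ == "__main__":
    for name, raw in [("phish", SAMPLE_PHISH), ("blocked", SAMPLE_BLOCKED), ("clean", SAMPLE_CLEAN)]:
        print(name, gate(raw))
```

The IP block runs before any content analysis because it is the cheapest and least ambiguous decision; the trigger threshold of two is a tunable, and in practice the Authentication-Results header should only be trusted when it was added by your own receiving MTA rather than copied from an upstream hop.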
Conclusion
Dragos’ successful defense against a ransomware attack offers valuable lessons for other organizations to follow. Cybersecurity is essential to every organization looking for cyber resilience, and implementing robust security measures and having reliable incident response playbooks in place is vital in defending against cyber threats.