Dragos was the target of an extortion attempt this week by a known threat actor, the company said Wednesday. The threat actor gained access by compromising the personal email of a new sales employee before they started working at the cybersecurity firm.
The hackers impersonated the employee during the onboarding process and gained access to SharePoint and contract management resources. The company said the hackers accessed a report with IP addresses associated with one of its customers, and Dragos officials have reached out to that customer.
The extortion attempt failed, Dragos said, and none of its systems were breached, including anything related to the Dragos platform.
Dragos was able to block the compromised account after investigating alerts from its security information and event management system. The company activated an incident response retainer with a top service provider, as well as a third-party monitoring, detection and response provider.
Dragos said it blocked the threat group from achieving their main goal, which it claims was to deploy ransomware. The hackers were unable to move laterally, escalate privileges, establish persistence or make any alterations to Dragos infrastructure, the company said.
The potential fallout from this incident should be limited, according to Jon Amato, senior director analyst at Gartner.
“The threat to Dragos is more reputational than anything else – for a security company to get hit like this is never a good thing,” Amato said via email.
However, based on the history of recent incidents involving firms like FireEye, Okta and other security firms, the reputational hit should be short term, Amato said.
After failing to deploy ransomware, the hackers escalated their threats by referencing family members and contacts of Dragos executives, the company said.
Senior-level Dragos employees were contacted via personal email, and the hackers also reached out to publicly known contacts of the company.
The stolen data is likely to be made public, Dragos said, because it did not give in to extortion demands. No specific ransom amount was disclosed.
A spokesperson for Dragos was in the process of responding to queries, but did not have the information in time for publication.
Using stolen data for extortion is on the increase, according to Ryan Bell, threat intelligence manager at Corvus Insurance.
“A growing number of new groups are now abandoning encryption altogether to focus solely on data theft,” Bell said via email.
Yet-to-be-published research from Corvus Threat Intel shows 27% of new extortion groups engaged in data-theft-only attacks in 2022, compared to 17% in 2021, Bell said.