Cyber Security Firm Dragos Targeted By Hackers

The CEO of cyber security company Dragos, Robert M Lee, received a message earlier this year from an organised crime group claiming that it had broken into Dragos’s employee email account. The group threatened to release the company’s data unless a ransom was paid. He refused to negotiate with the attackers, so the hackers increased the amounts.

In addition, they found his son's passport, school and phone number online. Lee said the message was clear: pay up or your family is at risk. "When you start talking about your child's life and safety, things take a different turn," Lee told reporters. Lee is a veteran of both the US military and the National Security Agency.

The criminal group that threatened Lee is known to resort to “swatting”, a practice in which someone maliciously calls the local authorities pretending to be a victim of an armed attack, prompting a police SWAT team to be sent to a target’s home. “Basically, they’re trying to get someone killed,” said Lee, who was told by local police that their best option in that situation was to lie down on the floor.

Lee is a recognised authority in the industrial cyber security industry and co-founded Dragos, a global technology leader in cyber security for industrial control systems and operational technology environments.

Other Hacking Attacks

The threats are widespread and can be highly inventive. Examples include a Ukrainian hacker who mailed a gram of heroin to the home of Brian Krebs, a journalist turned cyber security analyst, and then had a florist deliver a huge bouquet in the shape of a cross to Krebs' house. In other incidents, victims have been instructed to send money to cyber security professionals' bank accounts in an attempt to trap them. A North Korean hacker group impersonated security researchers on LinkedIn and then sent prospective contacts malware hidden in an encryption key.

"We're an organisation that's constantly engaged with threat actors, so we have to think about our own security, from a physical standpoint," said Charles Carmakal, chief technology officer at Mandiant, which is called upon to investigate major breaches, such as those recently at the State Department and other US agencies.

But some analysts have warned that the situation is being exacerbated by the deep involvement of Western companies in the cybersecurity of Ukraine, a country that has faced the most sustained and sophisticated cyber attacks on record. "It's going to get worse," said the investigator whose home was searched. "Someone is going to get killed" was the ominous prediction he made in the Financial Times.

Dragos have firmly maintained that they will neither engage nor pay a ransom at any point. It's a hard stance to take; a lot of organisations will buckle under the pressure.

TechWar | FT | Bloomberg | SC Magazine | Bleeping Computer | Dragos | LinkedIn
