    Fordham University Information Security and Assurance

    What Can We Learn From The Dragos Cybersecurity Breach?

    By Sofia Cora | October 25, 2023 | 2 Mins Read

    On May 8th, 2023, cyber criminals breached the systems of Dragos, a Maryland-based tech company. The attackers gained access to a new employee’s personal email address before his start date and impersonated him during his employment onboarding process. Once the attackers gained access to his account, they attempted to obtain admin privileges and reach production servers but were unsuccessful due to Dragos’s policy of role-based access control (RBAC).

    Source: Deconstructing a Cybersecurity Event – Dragos Blog

    Because the attackers were unable to escalate privileges and execute a ransomware attack, they began attempting to extort money from higher-level employees. However, the extortion wasn’t successful, and within a few hours the entire attack was mitigated.

    From this incident we can learn how a compromised personal account can lead to breached infrastructure resources. There are two major lessons the Fordham community can take from this attack.

    Implement rules for hardening the onboarding process for new students and employees.

    Within Fordham University, we follow these principles whenever a new employee or student is asked to download DUO Mobile as a dual authentication application.
    Once we have configured the Fordham account with DUO Mobile, any new login requests have to go through DUO authentication first. Even if the user’s password is compromised, the attacker can’t get into the user’s Fordham account without approval from a secondary device.

    Having Role-based access controls or following the least privilege principle.

    Role-based access control is when organizations give employees the lowest possible access to begin with, and administrators build on those privileges as the employees gain experience.

    Even as employees gain access to different systems and accounts, they are only allowed to view the information absolutely necessary to perform their job. Access can be based on several factors, such as authority, responsibility, and job competency. Employees can be assigned access to computer resources as well, with the ability to view, create, or modify files available only to higher-level members.
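
    The role-based model described above can be shown as a small deny-by-default check. This is an added example, not code from Dragos or Fordham; the role names, resource names, account names and the denial threshold are all hypothetical. It also flags an account that is repeatedly denied on privileged resources, which is the pattern a freshly onboarded account probing beyond its role would produce.

```python
from collections import namedtuple

# Hypothetical roles and resources; each role lists the only actions it may take.
# Anything not listed is denied (least privilege, deny by default).
ROLE_PERMISSIONS = {
    "new_hire": {("onboarding_docs", "view")},
    "engineer": {("onboarding_docs", "view"), ("source_repo", "view"),
                 ("source_repo", "modify")},
    "admin":    {("onboarding_docs", "view"), ("source_repo", "view"),
                 ("source_repo", "modify"), ("production_servers", "modify"),
                 ("user_directory", "modify")},
}
PRIVILEGED = {"production_servers", "user_directory"}

Request = namedtuple("Request", "user resource action")


def is_allowed(role, resource, action):
    """Return True only if the role explicitly holds (resource, action)."""
    return (resource, action) in ROLE_PERMISSIONS.get(role, set())


def review(requests, user_roles, threshold=2):
    """Decide each request; flag users with repeated denials on privileged resources."""
    decisions, denied_privileged = [], {}
    for req in requests:
        role = user_roles.get(req.user)  # unknown users have no role, so no access
        allowed = is_allowed(role, req.resource, req.action)
        decisions.append((req, allowed))
        if not allowed and req.resource in PRIVILEGED:
            denied_privileged[req.user] = denied_privileged.get(req.user, 0) + 1
    flagged = sorted(u for u, n in denied_privileged.items() if n >= threshold)
    return decisions, flagged


# Constructed sample: a freshly onboarded account requesting access beyond its role.
USER_ROLES = {"newhire01": "new_hire", "alice": "admin"}
SAMPLE = [
    Request("newhire01", "onboarding_docs", "view"),
    Request("newhire01", "production_servers", "modify"),
    Request("newhire01", "user_directory", "modify"),
    Request("alice", "production_servers", "modify"),
]

if __name__ == "__main__":
    decisions, flagged = review(SAMPLE, USER_ROLES)
    print([ok for _, ok in decisions], "accounts to review:", flagged)
```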

    References:
    https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
    https://www.linkedin.com/pulse/why-how-test-your-cyber-incident-response-centium
