On May 8th 2023, cyber criminals breached the systems of Dragos, a Maryland-based tech company. The attackers gained access to a new employee’s personal personal email address before his start date and impersonated him during his employment onboarding process. Once the attackers gained access to his account, they attempted infiltrating admin privileges and production servers but were unsuccessful due to Dragos’s policy of Role Based Access control (RBAC).
Because the attackers were unable to escalate privileges and execute a ransomware attack, they began attempting to extort money from higher level employees. However, the extortion wasn’t successful and within a few hours the entire attack was mitigated.
From this incident we can learn how a compromised personal account leads to breached infrastructure resources. There were two major ways the Fordham community can learn from this attack.
Implement rules for hardening the onboarding process for new students and employees.
Within Fordham University, we follow these principles whenever a new employee or student is asked to download DUO Mobile as a dual authentication application.
Once we have configured the Fordham account with DUO Mobile, any new login requests have to go through DUO authentication first. Even if the user’s password is compromised, the attacker can’t get into your Fordham account without a secondary device’s approval.
Having Role-based access controls or following the least privilege principle.
Role-based access control is when organizations give employees the lowest possible access to begin and build on those privileges through admin as they gain experience.
Even as employees escalate access to different systems/accounts they are only allowed to view the information absolutely necessary to perform their job. Access can be based on several factors, such as authority, responsibility, and job competency. Employees can be assigned access to computer resources as well, with ability to view, create, or modify files only available to higher level members.
Reference-:
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
https://www.linkedin.com/pulse/why-how-test-your-cyber-incident-response-centium