Today, LogicMonitor, a network monitoring company, confirmed that certain users of its SaaS platform have been impacted by cyberattacks.
Ransomware attacks have targeted LogicMonitor customers
While LogicMonitor has yet to officially acknowledge the impact of ransomware attacks on its customers, anonymous insiders with knowledge of these incidents informed BleepingComputer that malicious actors breached customer accounts. These actors reportedly succeeded in establishing local accounts and deploying ransomware.
Furthermore, these sources claimed that the ransomware was introduced via the on-premise LogicMonitor Collector sensors, originally designed for monitoring user infrastructure and equipped with scripting capabilities.
Allegedly, the hackers crafted scripts within the cloud-based platform and then pushed them to the on-premise Collectors for local execution.
Two days ago, the company said on its status page that it was investigating “technical anomalies” affecting customers’ accounts.
In a separate incident report, LogicMonitor states that 17 hours ago the incident was resolved.
Weak default passwords were exploited by hackers, leading to attacks on customers.
According to an anonymous source who spoke with TechCrunch, affected customers’ accounts were compromised through the utilization of default weak passwords that LogicMonitor had assigned to new users. These passwords were also automatically applied to all users across various organizations until they were manually changed.
In response to BleepingComputer’s inquiries, a representative from LogicMonitor declined to furnish additional information.
LogicMonitor says its network monitoring platform is used by more than 25,000 users.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment