Several users of network monitoring platform LogicMonitor have fallen victim to a hacking attack. The hackers reportedly succeeded in spreading ransomware.
According to LogicMonitor, several users were recently affected by a hacking attack. Sources tell BleepingComputer that the hackers allegedly managed to break into the accounts of platform users and carry out further activities through these accounts.
Those activities involved creating local accounts and spreading ransomware.
Ransomware via on-premise sensors
According to sources, the hackers spread the ransomware via the platform’s on-premise LogicMonitor Collector sensors. These monitor customers’ infrastructure, but also provide scripting functionality.
To spread the ransomware, the hackers sent scripts from the cloud-based monitoring platform to the on-premise Collectors and then executed them locally on customers’ infrastructure.
Passwords weakest link
Other sources indicated to TechCrunch that the hackers’ attack vector lay in the temporary passwords that LogicMonitor gives to new customers. These passwords were also automatically assigned to other users within customers’ organizations until they were changed.
LogicMonitor reportedly notified customers that these passwords posed a potential risk of breaches or a ransomware attack. This likely happened after the attacks were discovered.
It is not known who is responsible for the hacking and ransomware attacks via LogicMonitor. The network monitoring specialist says that some users have been affected by a hacking attack and that work is underway to resolve the issue.