Community monitoring firm LogicMonitor confirmed in the present day that some customers of its SaaS platform have fallen sufferer to cyberattacks.
The corporate says that the hacking marketing campaign has hit what it describes as a “small quantity” of customers and is working with these affected to mitigate the assaults’ affect.
“We’re at the moment addressing a security incident that has affected a small variety of our clients,” a spokesperson instructed BleepingComputer.
“We’re in direct communication and dealing carefully with these clients to take applicable measures to mitigate affect.”
Whereas LogicMonitor didn’t affirm that ransomware assaults hit its affected clients, nameless sources acquainted with the incidents instructed BleepingComputer that the risk actors hacked buyer accounts and “had been capable of create native accounts and deploy ransomware.”
The identical sources mentioned the ransomware was deployed utilizing the platform’s on-premise LogicMonitor Collector sensors, which monitor consumer infrastructure but in addition have scripting features.
This was allegedly carried out by the risk actors deploying scripts from the cloud-based platform that had been pushed right down to the on-premise Collectors and executed regionally.
BleepingComputer was instructed the assaults focusing on LogicMonitor’s clients occurred final week.
When you’ve got any info on this assault or different assaults, you possibly can contact us confidentially through Sign at 646-961-3731.
Firm investigating account entry points
Two days in the past, the corporate mentioned on its standing web page that it was investigating “technical abnormalities” impacting buyer accounts.
“LogicMonitor has recognized lack of portal entry for a subset of shoppers in us-west-2, us-east-1 and eu-west-1. Crew has recognized the issue, and we’re working to repair the difficulty,” the corporate mentioned in an replace.
“LogicMonitor is at the moment engaged on restoring time-series knowledge for trial/demo buyer portals situated within the US-WEST area. Trial/demo buyer portals within the EU-WEST and US-EAST area that had been impacted earlier have now been restored and are absolutely accessible.”
In a separate incident report, LogicMonitor mentioned 17 hours in the past that the incident had been resolved.
Clients hacked due to weak default passwords
One other nameless supply instructed TechCrunch that the affected clients’ accounts had been hacked utilizing default weak passwords assigned by LogicMonitor to new customers.
These passwords had been additionally robotically assigned to all different customers created throughout the organizations till they had been modified.
“LogicMonitor had reached out to us proactively with a attainable username/password breach for a number of of their clients through a name, which might result in programs which might be being monitored by LogicMonitor to be compromised with a ransomware assault and henceforth this proactive attain out,” one of many firm’s clients additionally mentioned.
A LogicMonitor spokesperson declined to offer extra info in response to inquiries from BleepingComputer.
These queries sought extra particulars relating to the variety of clients impacted and whether or not the attackers efficiently infiltrated the corporate’s programs.
Furthermore, clients interviewed by BleepingComputer additionally mentioned that LogicMonitor was sharing minimal info with customers.
LogicMonitor says its community monitoring platform is utilized by greater than 25,000 customers.
