Network monitoring firm LogicMonitor has confirmed that certain users of its SaaS platform have been targeted in ransomware attacks. The company acknowledged the breach, describing it as affecting a “small number” of users, and is actively collaborating with affected individuals to mitigate the impact of the attacks.
While LogicMonitor did not explicitly confirm the ransomware attacks, anonymous sources revealed that threat actors exploited vulnerabilities in customer accounts, allowing them to create local accounts and deploy ransomware. The attacks reportedly used the platform’s on-premises LogicMonitor Collector sensors to execute the ransomware through cloud-based platform scripts.
The breach occurred last week. Affected customers’ accounts were reportedly hacked because of weak default passwords that LogicMonitor assigned to new users. The same passwords were automatically assigned to all users within the organizations and stayed in effect until they were changed.
LogicMonitor took proactive measures, notifying affected customers of the breach, which could potentially compromise systems being monitored by the platform. The company’s approach to information sharing and communication regarding the breach has raised concerns among customers.
LogicMonitor is currently working to resolve the issue and restore access for impacted customers while addressing the security vulnerabilities that allowed the breach to occur.