{"id":28444,"date":"2023-05-11T09:41:40","date_gmt":"2023-05-11T13:41:40","guid":{"rendered":"https:\/\/www.oxebridge.com\/emma\/?p=28444"},"modified":"2023-05-11T09:41:40","modified_gmt":"2023-05-11T13:41:40","slug":"dragos-rep-says-company-could-prevent-hacks-from-ever-happening-gets-hacked-4-days-later","status":"publish","type":"post","link":"https:\/\/www.oxebridge.com\/emma\/dragos-rep-says-company-could-prevent-hacks-from-ever-happening-gets-hacked-4-days-later\/","title":{"rendered":"Dragos Rep Says Company Could Prevent Hacks “From Ever Happening,” Gets Hacked 4 Days Later"},"content":{"rendered":"

Not a good day to be an overexcited<\/del> enthusiastic sales rep at Dragos, the cybersecurity provider. Over on LinkedIn (naturally), a slightly over-enthusiastic Dragos rep named Rob West<\/a> made the batshit<\/del> bold claim that Dragos could prevent cybersecurity hacks and extortion “from ever happening<\/em>” in the first place. In fact, he said it twice, just in case no one believed him the first time. Which was probably a good idea.<\/p>\n

In a post<\/a> by another cybersecurity bro, Josh O’Sullivan of Ardalyst linked to a\u00a0story about how the Marinette Marine shipyard, which makes vessels for the US Navy, had been hacked<\/a>. O’Sullivan claimed — with a straight face — that CMMC<\/strong> <\/em>would have prevented this from happening.<\/p>\n

\"\"<\/p>\n

Umm, no. But that will become clearly evident around 2026, as we watch all those CMMC-certified companies posting about their own ransom incidents.<\/p>\n

Not to be undone, West — whose LinkedIn profile<\/a> says he’s Dragos’ Senior Enterprise Account Manager for US Navy \/ US Marine Corps Sales — offered up another<\/strong> <\/em>snake oil cure<\/del> solution.<\/p>\n

\"\"<\/p>\n

Because you don’t reach the position of Senior Enterprise Account Manager for US Navy \/ US Marine Corps Sales without spamming your products in the comments sections at LinkedIn, West then repeated himself:<\/p>\n

\"\"<\/p>\n

West couldn’t even be bothered to read the article he was linking to, because if he had, he would have realized that Josh O’Sullivan was just posting a story to sell his own<\/strong> <\/em>cybersecurity consulting (for Ardalyst), and doesn’t work at Marinette Maritime. So Josh O’Sullivan couldn’t hire Dragos to fix the problem if he wanted to. But this sort of inability to read the room is on brand for desperate<\/del> aggressive sales reps who stalk the comments sections of LinkedIn posts.<\/p>\n

And, it has the added benefit of being hilarious to watch.<\/p>\n

Then, for some reason, another<\/strong> <\/em>cybersecurity consultant chimed in to shill for Dragos, too. Jaime Mizell<\/a> of FCN IT, also sold Dragos as cancer cure<\/del> the ultimate solution while giving West another chance to … well, do whatever the hell he thinks he’s doing:<\/p>\n

\"\"<\/p>\n

All nice, except that the universe had other plans for Dragos, perhaps teaching a lesson that not only does pride goeth before a fall, and all that.<\/p>\n

You see, just four days<\/strong><\/em> after West posted his stunningly daft<\/del> bold claims, Dragos itself had been hit by a cybersecurity “incident” and a cyberextortion demand. Per the reporting from BleepingComputer<\/a>:<\/p>\n

While Dragos states that the threat actors did not breach its network or cybersecurity platform, they got access to the company’s SharePoint cloud service and contract management system.<\/p>\n

After failing to breach the company’s internal network, they sent an extortion email to Dragos executives 11 hours into the attack.<\/p><\/blockquote>\n

While Dragos was quickly able to patch the problem, this flies in the face of West’s absolutely nutjob claims (yes, I stopped doing strikethrough jokes) that Dragos could “have prevented<\/em>” cyberattacks and then keep them “from ever happening again<\/em>.”<\/p>\n

According to SC Media<\/a>, the hack was the usual result of a single employee having been compromised, something that Dragos is unlikely to ever<\/strong><\/em> present a miracle cure for:<\/p>\n

The incident began on Monday when an unnamed \u201cknown criminal group\u201d gained access to select Dragos’ systems by compromising the personal email address of a new sales employee prior to their start date. The group then impersonated the new employee and completed initial steps in the company\u2019s onboarding process. The activity was eventually flagged in an alert from their Security Information & Event Management, and the compromised account was blocked.<\/p><\/blockquote>\n

As far as I can tell, this is the first time Dragos was hacked, so it remains to be seen if they can literally “prevent this from ever happening again<\/em>” but, clearly, logic and a functioning brain stem dictate that no single cybersecurity solution is as 100% foolproof as West claims. And now, if anything, their posturing paints a big, fat, red target on their backs, as hackers will flock to Dragos just to embarrass the living shit out of them.<\/p>\n

We get it: cybersecurity is important, and the risks are high. But the industry is filled to the nose-hairs with shills, charlatans, and carnival barkers, all claiming their particular solution (CMMC! ISO 27001! Zero Trust!<\/em>) is the thing that permanently fixes everything.<\/p>\n

You know that’s not true. We all do.<\/p>\n

Oh, and just wait until the CMMC players get hacked. Get out the popcorn for the comments sections on that<\/strong> <\/em>day.<\/p>","protected":false},"excerpt":{"rendered":"

Cybersecurity solutions firm Dragos was hit with ransomware attack just four days after claiming they could prevent such incidents.<\/p>","protected":false},"author":2,"featured_media":28449,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","mc4wp_mailchimp_campaign":[],"footnotes":""},"categories":[5],"tags":[7679,938,8315,65,954],"class_list":["post-28444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-opinion","tag-cmmc","tag-cybersecurity","tag-dragos","tag-iso-27001","tag-nist","et-has-post-format-content","et_post_format-et-post-format-standard"],"_links":{"self":[{"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/posts\/28444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/comments?post=28444"}],"version-history":[{"count":1,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/posts\/28444\/revisions"}],"predecessor-version":[{"id":28450,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/posts\/28444\/revisions\/28450"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/media\/28449"}],"wp:attachment":[{"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/media?parent=28444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/categories?post=28444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/tags?post=28444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}