Incident

LogicMonitor customers impacted by ransomware deployed through LogicMonitor agents

Take action: The time of assigning default credentials to users has passed. Always let users create their own credentials, even on first use, and always reset default credentials. Default credentials are the worst-kept secret ever, and every single hacker in the world will eventually learn them.



LogicMonitor, a network monitoring company, has confirmed that a portion of its SaaS platform users have fallen victim to a cyberattack. While the company has characterized the scope of the hacking campaign as affecting a "small number" of users, it is actively collaborating with the affected parties to minimize the impact of the attacks.

A spokesperson from LogicMonitor stated, "We are presently addressing a security incident that has impacted a small number of our customers. We are in direct communication and working closely with those customers to take appropriate measures to mitigate impact."

Although LogicMonitor did not explicitly confirm ransomware attacks against the affected customers, anonymous sources have indicated that threat actors compromised customer accounts and were able to establish local accounts and deploy ransomware.

The ransomware deployment vector was through LogicMonitor's on-premise LogicMonitor Collector sensors, which not only monitor user infrastructure but also possess scripting capabilities. The threat actors leveraged cloud-based platform scripts that were transmitted to the on-premise Collectors and executed locally.

These attacks against LogicMonitor's customers are reported to have occurred last week.

LogicMonitor had previously acknowledged "technical abnormalities" impacting customer accounts on its status page, and the company had been actively investigating and addressing the issues. However, in a separate incident report, LogicMonitor indicated that the situation had been resolved.

It has been suggested that weak default passwords assigned by LogicMonitor to new users played a role in the customers' accounts being compromised. These default passwords were automatically assigned to all users created within organizations until they were changed.

A LogicMonitor customer noted that the company had proactively reached out to inform them of a potential username/password breach, which could lead to ransomware attacks on systems monitored by LogicMonitor.

LogicMonitor has not provided any additional information, including details on the number of affected customers and the extent of the attackers' infiltration into the company's systems. Customers have also expressed frustration with the limited information being shared by LogicMonitor.
