Cloud infrastructure monitoring company LogicMonitor has confirmed that a small number of its software-as-a-service platform users were hit with cyberattacks involving ransomware.
The LogicMonitor platform provides IT observability and monitoring for physical, virtual, and cloud-based IT infrastructures. According to the company, its solution is used by more than 2,000 organizations worldwide.
It appears the attacks took place last week, around the same time LogicMonitor reported “technical abnormalities” impacting its customers.
“LogicMonitor has identified loss of portal access for a subset of customers in us-west-2, us-east-1 and eu-west-1. Team has identified the problem, and we are working to fix the issue,” the company said. “LogicMonitor is currently working on restoring time-series data for trial/demo customer portals located in the US-WEST region. Trial/demo customer portals in the EU-WEST and US-EAST region that were impacted earlier have now been restored and are fully accessible.”
Citing sources familiar with the matter, BleepingComputer reported that the hackers breached customer accounts and “were able to create local accounts and deploy ransomware.” The ransomware was deployed using the platform's on-premises LogicMonitor Collector sensors, with attackers locally executing scripts deployed from the SaaS platform.
Meanwhile, another source told TechCrunch that the company assigned its customers’ accounts weak default passwords during the initial setup and never required them to be changed.
“When you set up an account with [LogicMonitor], they define a default password and all user accounts for your organization/account are made with that password,” the source said. “They also didn’t require the changes, nor were they temporary passwords, until this week. Now the setup password lasts 30 days and must be changed on first login.”
After learning about the intrusions, LogicMonitor reached out to customers to warn them that the breach could result in a ransomware attack.
A LogicMonitor spokesperson confirmed the incident and said it impacted a small number of customers.
“We are in direct communication and working closely with those customers to take appropriate measures to mitigate the impact,” the spokesperson said.