View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 7, 2020updated 08 Sep 2020 9:52am

Quis Custodiet? Another SOC Provider Gets Hit by Ransomware

"We are working closely with third-party forensic investigators..."

By CBR Staff Writer

Cygilant, a Boston-based security firm, boasts “enterprise-class Security-as-a-Service for threat detection, response and compliance so you can sleep at night.”

Its own incident response team is unlikely to have slept well over the weekend, after the company itself fell victim to an apparent Netwalker ransomware attack.

Cygilant runs a Security Operations Centre (SOC) for predominantly mid-sized businesses, among other security services. It was founded in 2001 and has raised a total of $34 million in funding over eight rounds, Crunchbase data shows.

Cygilant Hacked: Docs Posted by NetWalker

It acknowledged the attack publicly on September 4, after screenshots of internal documents were posted to a site on the dark web associated with the Netwalker group. The intrusion vector and extent of the compromise are unclear.

(Netwalker intrusions typically start via exploitation of outdated server software like Weblogic or Tomcat, or phishing attacks, Sophos analysis shows. Among the threat group’s recent wins: a $1 million payout by the University of California).

Christina Lattuca, Cygilant’s chief financial officer, said the company was “aware of a ransomware attack impacting a portion of Cygilant’s technology environment.”

“Our Cyber Defense and Response Center team took immediate and decisive action to stop the progression of the attack. We are working closely with third-party forensic investigators and law enforcement to understand the full nature and impact of the attack. Cygilant is committed to the ongoing security of our network and to continuously strengthening all aspects of our security program.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Images shared to a dark web site by NetWalker affiliates.

Brett Callow, who tracks ransomware attacks at his security firm Emsisoft, said documents confirming the incident had been removed from the Netwalker page over the weekend, suggesting negotiations had started with the group — or perhaps that a ransom had been paid.

Cygilant is far from the only SOC or indeed broader IT services provider to fall victim to ransomware over the past year. Everis, one of the largest managed service providers in Spain was infected with a version of the BitPaymer ransomware in November; fellow Spanish security firm Prosegur, which runs six SOCs, was hit by Ryuk the same month.

Security firm Trend Micro meanwhile saw a limited breach in early 2019, while Avast suffered a sophisticated breach in October 2019 by unknown attackers.

In April 2020, meanwhile, US IT services heavyweight Cognizant — a $16.8 billion by 2019 revenue stalwart of the Fortune 500 — admitted that a Maze ransomware attack had hit internal systems and was causing service disruption for clients.

Managed service providers across any industry segment (fintech, IT services, etc.) are an alluring target for ransomware crews: the downstream pressure from customers when services are knocked out builds huge pressure on such companies to resolve the incident fast, heightening the likelihood of a payout for criminals.

See also: This Security Company Tried to Hack Itself; Here’s What Happened… 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.