LogicMonitor Portal Security
These articles: https://techcrunch.com/2023/08/31/logicmonitor-customers-hit-by-hackers-because-of-default-passwords/?guccounter=1 https://www.bleepingcomputer.com/news/security/logicmonitor-customers-hacked-in-reported-ransomware-attacks/ ...indicate that some LogicMonitor accounts may have had weak default passwords applied and become compromised. Until we have an official word from LogicMonitor, may I suggest that all LogicMonitor administrators: Delete or suspend any users that should not be in your system Ensurethat no “out of the box” accounts are Active (including the lmsupport account) You should set this account to “Suspended” until we have word that this account is not affected Note that unless this account is Active, LogicMonitor Support cannot access your portal Enable2FA for ALL users I mean,you did that already, right? RIGHT? IMPORTANT: You need to do this for administrator users,even ifyou have SSO Ensure that any user that has not logged in recently (say for 60 days) is either deleted or set to Suspended IMPORTANT:Revoke administrator/manager rights from anyone that does not absolutely need them The recommendation is 2 users per LogicMonitor portal If you don’t recognise a user, seriously consider setting it to Suspended Be cautious of System Integration accounts - you may disrupt these if you are not careful If a system has access, ensure that this via an API user, not an Access Token on a named person. I will update this post with other suggestions as they are made.Solved1.2KViews19likes8Comments
