Insights

Xenotime, the hacker group that was first observed in 2017 when it sabotaged the safety equipment of an oil refinery in Saudi Arabia. At the time, it was able to access the ICS portion of the network through traditional lateral movement. It matters as Triton was designed to be not only destructive but to do so in a way that could harm or kill people. One Information Security group indicated that there are only three groups currently known to focus on this outcome, but Critical Path Security staff have observed more. Though we've worked with Electric Membership Organizations and observed several breaches, we can't definitively tie the incidents to Xenotime.  However, we're confident that their tactics would prove effective. Dragos has stated that "Trisis has been observed doing some of the slow, deliberate groundwork to launch an attack.". We believe that Industrial Control Systems are experiencing increased attacks due to…

As we've seen an increase on attacks against WiFi networks, we wanted to take a moment to share some advice for Small Businesses that are currently utilizing WiFi on their campuses. Unlike physical networks, wifi systems can extend beyond the walls of your office. Once the password for access gets out in the world, it is very difficult to control who can access your office network. Therefore, you need to consider implementing some changes and routines that protect you from unwanted guests. You have two major security issues to deal with. The first is that you need to control who can actually get on your network. The second problem is that of the signal footprint. If people outside your office can pick up a signal from your router or wireless access point, they can also capture data, collect unencrypted credentials, and exploit vulnerability systems. Following the suggestions below will greatly…

We couldn't be more excited to announce two new additions to the Critical Path Security team! Virginia Kelley - Senior Accounts Manager / Women In Technology Outreach Virginia has been quietly working behind the scenes in the Information Security industry for nearly a decade.  She is a regular attendee at DEFCON where she volunteered in the Packet Hacking Village two years in a row. Additionally, she led all efforts for Critical Path Security's involvement in BSides Atlanta in 2018 and co-wrote Patrick Kelley's "CyberZoology" presentation, which has been presented over 25 times in 4 countries. She has attended or spoken at several security conferences in the United States and Canada and was most recently published on multiple news sites about becoming an Information Security Professional in a male-dominated field and Mental Illness Advocacy. Virginia Kelley is an incredibly valuable addition to Critical Path Security, where she will have dedicated time…

1,000 of 1,400 employees were sent home and all manufacturing halted as Belgian company ASCO Industries, a key leader in manufacturing components for both civilian and military planes, fell victim to a ransomware attack on June 7. One week later, ASCO describes the incident as a "large-scale ransomware attack". It's important to note that the attack came two months after the European Commission approved the acquisition of the company by US-based Spirit Aerosystems. As ASCO Industries manufactures airplane parts for Airbus, Boeing, Bombardier Aerospace, Lockheed Martin and the new F-35 fighter plane, the impact has been felt around the world. The company has plants in Belgium, Germany, Canada and the US, as well as office representation in Brazil and France. A week later, the plants are still closed and an investigation by external experts seeks to determine the actual damage caused. The infection occurred at the production plant in Belgium,…