Critical Path Security’s CTO, Patrick Kelley, interviewed by 11Alive News.

Kaitlyn Ross, reporter for 11Alive, caught up with Patrick Kelley, Chief Technology Officer of Critical Path Security, on Tuesday to discuss the most recent ransomware attack on the City of Atlanta. "Just because a ransom wasn't paid doesn't mean that the means of doing it has gone away. We will continue to see this evolution of attacks and then how to battle those attacks," Kelley said. "Once ransomware lands on a machine, if you don't have the key to decrypt those files, they're effectively gone," Kelley said. "The math and the effort required computationally to break that crypto is just not available. So they would wipe those environments entirely and go from there." Patrick Kelley expands on the conversation above with the following statement. The primary message is you have to respect the problem you are trying to solve. It isn't as…


Hacked: City of Atlanta

Last evening, it was announced that the City of Atlanta has been hacked and that the threat actors have encrypted some city data. According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screenshot of a ransomware message demanding a payment of $51,000 to provide all the keys for the affected systems. Employees are also receiving emails from the city's information technology department instructing them to unplug their computers if they notice anything suspicious. Based on the early information, it appears that the malware Cisco Talos calls "SamSam" was used in the attack. Once the malware has a foothold on a server, it spreads to Windows machines on the same network. It also appears to be affecting payroll systems; however, Atlanta officials have told employees that they can fill out paper timesheets. A very short time ago, Critical Path Security worked with a government agency…


The “Ryzenfall” of AMD

Security research firm CTS Labs has disclosed four critical flaws in AMD's latest CPU models based on the Zen architecture, Ryzen and EPYC. Ironically, the AMD Secure Processor embedded in the main CPU is the source of the vulnerabilities. While the firm's motivation is under some scrutiny due to its poor disclosure practices, the vulnerabilities appear to be real, with some terrifying implications. Usually, a compromised machine can be cleaned of the infection and defended again with the appropriate patches or software upgrades. Not anymore. Three of the flaws, dubbed Ryzenfall, Fallout, and Masterkey, allow an attacker to plant malware in a "secure enclave", thereby bypassing detection and other security controls such as Microsoft's Credential Guard, Virtualization Based Security, and AMD's own firmware Trusted Platform Module (fTPM), or they can simply brick your motherboard. One important caveat: each of these flaws requires the attacker to already hold administrative privileges on the target, so they are a post-compromise persistence problem rather than a remote entry point. The flaws use the fact that the BIOS validation program can be tricked into believing a…


23 NYCRR 500 – The deadline has passed, but there’s still time.

The New York Department of Financial Services (NYDFS) announced a new cybersecurity regulation, 23 NYCRR 500, on March 1st, 2017, in response to the increasing frequency and sophistication of cyber attacks in recent years. In fairness, many of the requirements are "standard issue" in most compliance frameworks, but lack of adherence by covered New York businesses will result in fines. Even with continual extensions, the deadline for compliance was set as February 15, 2018. Like other initiatives, such as DFARS and PTC, we are seeing entities struggle to meet the requirements. As an IT professional or a business in the financial industry, a whole new level of responsibility has been placed on your shoulders, whether you are based in New York or work for a company that operates within the State. For most security professionals, this will be "business as usual", as the majority of the requirements are clearly defined in the NIST SP 800-series documents. In short,…
