Insights

Events

CRISP Spring Workshop – Gaining Insight with Zeek – May 10 & 11, 2022

AgendaEvent Location: Discovery Hall at PNNL650 Horn Rapids RoadRichland, WA 99354Format: In-person (registered attendees only); remote dial-in not available Course SyllabusInstructor: Patrick KelleyCourse Web: https://www.criticalpathsecurity.comCourse DescriptionZeek is a great open-source tool that allows you to monitor your network and analyze events within it. Thiscourse will teach you about this tool, and how to configure and use it within your network to suit your needs.More Information

0 Comments
May 5, 2022
Events

CTO, Rick Hudson, speaks at Alabama Rural Electric Association 2022 IT Conference

On Wednesday, April 6th we spoke at the Alabama Rural Electric Association of Cooperatives (AREA) conference to the IT leadership in attendance. Our topic was how to leverage Zeek to prevent a catastrophic event. In the talk we started with a bit of history and how malware, ransomware, and threat actors have evolved over the years; and how their tactics have transformed and become all but invisible to the naked eye. We also spoke about how the problems of our audience were vastly different from most other companies in that they were both supporting the Nation's Critical Infrastructure as well as they are also supporting technologies in their SCADA systems, of which many were developed with a 20-year lifecycle.   Today threats and threat actors are changing their mode of operations by the minute and many of today's tools cannot or should not be used on the IC networks. By…

0 Comments
April 11, 2022
Insights

Founder, Patrick Kelley, interviewed by NBC/11Alive

"My initial reaction was: 'they're doomed,'" cybersecurity expert Patrick Kelley, founder of Critical Path Security, said. Kelley said he was surprised to see funding for Atlanta Information Management drop since the 2018 ransomware attack, based on a report shared with the city's finance committee on March 30. "Most cybersecurity plans are built on a five-year maturity model," Kelley said. "We're not even four years after the recovery of the ransomware event that cost the city millions of dollars." Given limited resources, Kelley said local governments are already at a disadvantage compared to large corporations when it comes to technology funding. "They have to operate with the lowest amount of money that they can possibly get," Kelley said of the challenges, "And have to do the most that they can with it." Yet, he said resources and response time are critical. According to Kelley, it only takes five to six minutes…

Comments Off on Founder, Patrick Kelley, interviewed by NBC/11Alive
April 9, 2022
Insights

The Okta Breach: What You Should Be Doing

On March 22, 2022, the threat group LAPSUS$ announced the compromise of Okta. Okta is an enterprise-grade Multi-Factor and Identity and Access Management (IAM). Recently, the LAPSUS$ group has made statements of breaching high-value targets, but has provided very little evidence of being successful into those attacks. It is now known that the attack on Okta was successful and approximately 366 customers were impacted. Though the details of the attack are still quite limited, what we know is that this attack was likely successful due to phishing or the acquisition of credentials through the bribing of an internal employee. Regardless of the method, based on the screenshots shared by the attacker, it appears that a third-party support engineer's laptop was compromised and legitimate access was used. At this time, we recommend the following actions: Review Okta System logs for unusual "Reset Multifactor" events. Review Okta system logs for unusual "Reset…

Comments Off on The Okta Breach: What You Should Be Doing
March 24, 2022