 in here. Today, I have for you a couple stories. This talk is more than actually doing the hack, it's telling you from what we are seeing that other people are doing hacking some very important things and some less important things. And, well, yeah, try to give you a bit of that background from the third intelligence perspective. Also to bring up a bit of the discussion of how it's blurring the difference between attacks and privacy and attacks on the physical world. To begin, just a quick background just of where I'm coming from that gives an idea of where this talk is going to be going to. Well, I'm Mexican but I currently live in Netherlands. My background is in third intelligence. So, basically, trying to gather information from different places put all together. And my main specialty is in OT, control systems. I think there are a couple talks also in control systems. So, if you see anything like that, I deeply encourage you, very similar and at the same time a very different world. You're going to see some of the slight differences. But, yeah, that being said, I'll jump straight away into a quick story. So, to make this very dramatic, I decided to start with this story. Basically, I believe June 2020, we saw an event where there were some explosions in Iranian nuclear facilities, reportedly. One of them was Natans, which is known because there was a big cyber attack like 10 years ago. And as this news started happening but when they were publishing, some of the news sources said someone came in, planted a bomb. But some others obviously said this is a cyber attack. It has to be. Whether it's a bomb, it's a cyber attack that goes beyond the stock. But what is interesting in this case is that some people took that very seriously. And so, what they started doing was they said, okay, let's go and hack some things. Let's go and take revenge on these guys that are, you know, doing these cyber attacks against Iran. And those were these guys. These are two specific teams of basically, well, I'm saying teams, it could be one person, it could be a team, it's things that we observe in DARGO forums. Vortex team, an identified team, they published this, what we call HMI, which stands for human-machine interface. That is basically the panel that you see for controlling a physical application, whatever it is. And they said, we compromised this gas system. This is in revenge for what happened a couple of days ago. It's terrible and we're going to blow up something. But then the first question comes out here. Does anyone here know if this is a gas system and or what is a gas system? Which is a very good question. Well, no idea what is a gas system. It could be many things, you know. The point is that the guys weren't entirely sure what they were looking into. So, what we decided to do first is we just go to the tool of your preference. In this case, showdown. We started looking into it to figure out what is it that these guys are looking into. Is it really dangerous? You know, how bad is their revenge? And, of course, we found it based on, we look at a couple of the keywords of the information they shared, something from the image and whatnot. And then we found it. And what it actually was was a kitchen. It was a kitchen, which, I mean, not to blame them. Of course, this system for the kitchens is relatively complex. It does have a logical controller. It does have what they call variable frequency drives, which control how quick some motors are rotating. It does contain basically like the HMI that you saw. And basically, well, I mean, yeah, what they found was a kitchen in Israel. We don't know even if it had impact or not. Of course, we notified the vendor and that is why the image wasn't there anymore. They are already selling the product differently. But anyway, the point in here is you're going to see there are tons of factors trying to do this. Sometimes it's going to be very interesting. Sometimes it's not. And I have stories for both case. But first of all, to describe a bit of the trend or the tendency, what is this all about? And why do I want to even talk about it, right, if it's about kitchens and whatnot? But this is more about what I call the devolution of cyber physical threats. Attention, the evolution I highlight because historically, the first attacks that we saw on a physical type of system where maybe around 2010, they call our attention because it was a nuclear facility. It was very important. Nuclear centrifuges go down. A country or some countries against another country make a big impact. Great. And most of the industry started focusing on that. But over the years, mainly since around 2017, we started seeing more from cyber crime, basically ransomware impacting physical processes, how we can get access to different services and whatnot. And of course, we started seeing different types of financial threats. And recently, we started seeing like an optic in what we call opportunistic type of factors. Basically, activists and whatnot. It can be a single person. It can be a group that are looking actively for this type of internet connected physical systems. And oftentimes, for no reason, like just profit, I want to look cool, I want to do something funny. So this is something that we refer to as low sophistication compromises, just like the fancy intelligence name. But the point to highlight here is three points. They can do it for ideology. That's when we talk about activists, ego, just opportunistic or sometimes financial. And then, well, we're going to mention a bit more of the cases, but how do they actually do this is actually fairly simple, which is the reason why right now we're not going to go super in, it's not going to be super technical, because ironically, most of these attacks are actually super simple. Normally, what you would do is just choose the platform of your preferences to go and scan around. In this case, I mentioned some example of show dance and see some my fofas. It could be Google, could be whatever. And then as long as you know what you're looking for, like some specific keywords, it can be specific for an industry, it can be for, I don't know, in the past case, if you look for dampers, you will have found that image, because dampers are specifically part of the docs where the air was coming from. Then you choose the system that you want to go, then you go, you share it in a forum, and then you say, look how cool I am, I'm going to destroy the world. And then everyone starts caring about it. So it is working very interestingly from a reputational perspective. And so the reason why we started reporting more on this was because around 2020, we developed this timeline. In this timeline, it was, well, we group different types of attacks. We include attacks, some tutorials that they do, like actually telling you how to do it. We're going to show some of those that are fairly simple. They started some of them reconnaissance, just gathering information about a process, how it works, what it is, trying to learn about it. We saw others, when I say another access, it means that sometimes they would just do the compromise and just drop it for no reason at all, or just to say, I don't know, I have access to, I don't know, a fire alarm system. Anyone wants it, and then they go and they offer or they charge a price for it. And then the most concerning is that there are some guys that actually do go and interact with the process, that actually they go and say, like, oh, what's this lever for? What happens if I click here? And most often, when they're complex processes, like if it's in a water facility, or if it's in an energy facility or whatnot, there are going to be different backup mechanisms, safety mechanisms that are going to stop you from actually making a change. But that is not always the case. If it's something more simple, like the heating in your building, then probably they might be able to just change it without any problem. And yeah, so this is the big, the big shift that we started, that we started looking at and increasing the numbers, which we can also show you back with actual real numbers, right? Some people started asking about this. This is this is not a comprehensive sample, you can go and find pretty much more I'm pretty sure it's just, you know, it's in the end, there's as much as you can do in the forums. But we selected a smaller sample of cases that we found interesting to show, you know, these ones were the ones where we validated some of what they were showing that there was something interesting. And different reasons what they were offering. So in some of them, it was like, hey, you know, here's access, go take for it. I just compromise it here's for you, you know, the different ones. And this goes on till 2021. And I recognize we're one year later. So I didn't want to forget that something more relevant would be discussing the most recent. And the point is that one of the big changes that we've seen with this activity is that it started as something that was as let's just go and have fun, let's go and find it, let's go and get reputation. And it has recently switched also into something about, let's go and share some of my world views, let's go and try to defend the cost, let's go and try to support something. And of course, the Ukraine case has come up quite a lot. We have seen a lot of cases that are on different sides, country against country. And at the same time, the ones from before that we're doing, for example, in Israel, or Iran, or specific areas that are normally targeted, they started showing an update. So the next year, when we have our numbers are going to continue going up. They are already going up by now. And we're going to bring some very interesting cases of this because again, some of them are very interesting. There have been actually some news recently, some attacks, for example, particularly in Iran on gas pumps, that was something in the news, very interesting. That could have been as simple as this. But there are also some that are just claiming again, something that has nothing to do. So knowing the background, I feel that's important just to know about the trend. But I think the most interesting actually is to go and take a look at the stories. So I begin with the important stories, the relevant, the ones that actually have had an impact or at least sound a bit concerning, because just for respect to those, they don't get to the funny ones. But this first one actually happened like two weeks ago, I believe. It was an Iranian steel facility, allegedly, this actor, actually, this is the original tweet with the actor came out and pushed, this is what we did. There is a full video showing like the plants, you know, the explodes, they claim to be taking care of the individuals in the plant. And they share this as evidence, let's say it doesn't match their evidence, but that's how they want to play it, that it's one of those machine interfaces. What's interesting about this is, at this point, it's a bit difficult to tell if how did they do it, if it actually is simple, even if they are, if this is a legitimate actor, if this falls into his category. But right now they are using the same tactics that other of these loads of investigation actors, and trying to call attention in a very similar way. So this is one of the first times that we see these attacks having a real impact, and including this type of hacktivism or low sophistication component. Then a second one that was actually from last year, for this one we have already a bit more information, because it already took place some time ago, this one happened in Florida, a small place called Oldsmar, and it was actually reported directly by authorities, they started going some research. And what happened is that an actor just got access to the machine interface that they used for the water. And apparently what they tried to do was to modify the parameters in the water of chemicals that they have. And well, this actually can have an impact also on an individual. The good thing, the good news is that obviously it's a water facility, it's not so simple, it's not like you just click here and everything changes. Normally there are safety mechanisms you have, you would need an actor that actually goes through the entire process of water, understands the different stops and how you would go about it, and these guys instead just went and tried to modify. So for the operator, the person there sitting on the other side, it was very easy to just sit down and say like, okay, nope, not right now. The interesting thing here also, in terms of impact, and that's why I had these random notes, it just, that's actually like a house analysis, it was like as funny as it sounds, my mother is a chemist, and she was very excited when she heard these stories. And she said, I'm going to make an exercise for my students. So this is how you integrate in schools, right? It's like a cyber attack comes and then what would happen? And then the task for the students would be to actually calculate the pH level of the water with this new addition. And actually, well, it should be around seven, the value went up to 13 if the change would have happened. So this could be pretty destructive for your body, as you can imagine. If you really want to know what it does to your body, I would suggest to basically just Google it, and I promise you're going to have nightmares. It could be really horrible. So we went Google dorking, we want to look a bit for this, some of these examples of the HMIs. And the first thing that we found is very quickly, this is a, I'm going to say real image from one of the vendors, third party sources, that make these machine interfaces for this Florida plant. And basically, well, they had these images of how their machine interfaces work. They had all these documentation information. It very likely was the same one that the actor saw based on, like, I have it marked somewhere on, but I can see from here. But basically they have there the specific chemical change that had happened. So we believe that might be the case. We can't tell. But yeah, I mean, like beyond telling if this was directly the HMI, it just gives an idea of how, you know, you can start gathering more information based on like the attack happens, what comes next and try to find it, what the actor might have known before doing the attack. And well, yeah, that's as much. But actually this, one thing that I forgot is that for this specific attack, it wasn't only scanning and finding, but actually they did compromise, apparently reportedly, they compromised one endpoint and then they reused exactly the same password for accessing the machine of the person that was accessing these panels, which normally you do it via something that's called BNC, which I'm going to mention later. Then another case, another big case is this one for Israel. This is actually an advisory that they placed from the government from Israel. I think it was also 2021. And what they were saying is, hey, you know, like be careful. There's an actor that's actually trying to compromise many of our systems. We are not entirely sure what they were, but based on other news and other things we found most likely they were also water, water related. And what was interesting of this case is that it wasn't only actually finding the device and clicking on the button, but actually it was finding the device. And then what they would go and find is what we call a programmable logical controller, PLC. And then they would go and find this PLC and then they would interact with the PLC. They are often connected to internet, not always, but some of them. And then they would change what's called the logic, basically with ladder logic, which is kind of like the programming that you use for the controller. So they went and they used the software for this controller. They switched it and then, you know, that's how the attack happened. What's very interesting of an attack like this is that actually the access is unintended. So the compromise, yeah, there's a compromise, but it's very simple. I'm pretty sure you've heard of people compromising systems without passwords many times. But what was interesting here is actually that change in the PLC logic is something that we hadn't seen, unless it's from actually like a state actor. So basically one of the points in here is, yeah, it's we're seeing that people are learning how to do this. They are learning about these attacks. And well, the more they learn, the more we see them, the more concerning they become. So, well, this is just the specific techniques. If you're into some people love watching it just like the MITRE version of the techniques, basically initial access just connecting internet accessible PLC. Then they use a specific common ports. If anyone here is familiar with this type of industrial applications, there are some ports that you're going to see here that immediately you're going to say 102, it's Siemens products, the same and blah, blah, blah. You're going to see multiple, it's in most, it's anything from building automation to a nuclear plant, to a energy facility, to it's going to be, you know, it's one of the most used. And another one from GE, General Electric. Again, you see these vendors often mentioned in there. And well, there's what I mentioned, use the software, modify the logic and then modify what the controller is actually doing. Now, this brings a big question about it and it's just going to open the door actually to more and more and more cases, which is to what extent can we call this, well, there was this question of activism, right? Like there's some activism component, does it mean it actually has to be considered positive because there is like this opinion ideology, but then what they're doing actually, there's like this thin barrier where it's not anymore like in the past about let's go and compromise a website and make a message. But actually let's go and let's mess up with something physical. So yeah, that's one of the concerns that we have but other guys that claim themselves to be to follow us as you know, so how activists are have been doing this other type of acts. This one's I can go through them much quicker. It's this one actually controls a dam, like a small dam. The other one that you see here is actually for solar panels. This is from a different entirely different groups and what they did instead was to just go deploy the scanners and then they sent us a bunch of IP addresses. They say all of these systems are unprotected. Just go play with them. They share it in the forum and then, you know, whoever wants to go someplace with them. As you can tell, there's just like estimating what those are. You can see there's some water, there's a water tank. Some of them might be gates, might be alarm systems, might be building automation, might be anything. So very simple to more complex. And others are also doing their homework. So like the one side showed a second ago that they were, you know, making mistakes. These others actually are started to share not only the screen or what they have access to, but actually doing some research on the process itself. So these two images, ironically, I mean, it's not as complicated as you think to find them because literally they got them from Encyclopedia Britannica. And they posted there like their homework, and then they posted the panels that they found. Some examples, one interesting thing here is that these are like, like directly the panels for management for controllers instead of the human-machine interfaces that are more visual. And yeah, I mean, like it's just another type of actor yet. And this is a fun one also. This one is other actors that what they do is they go and share videos, look at what I'm doing, look where I clicked. I hope that they're going to have a terrible time. And this one is for actually they had like a long video where they got access to systems of a big known hotel in Australia. And they started showing how they play with temperature with their conditioning with the water with but not who knows, you know, maybe they had some angry guests that day. But I guess that's we will never know. But yeah, that shows one of one of the direct impacts like on a business level. But so I mean, like I promised, I brought first the bad cases, the ones where where I say, yeah, there can be an impact. And then I'm going to go back to the ones where I say, it's nothing, you know, don't worry, but I'm going to get a bit more into the opinions about that. For now, the only thing I have to point out is that thanks to this guy, he actually allowed us to use his image, obviously for not profit reasons. But yeah, just one of my favorites. So amateurs, let's talk about the funny cases that I was mentioning. This first one, I already mentioned it is the kitchen. As I mentioned, you get the gas systems that actually are a kitchen, but it's our favorite. Then you go to the second one. The second one is actually one of my favorite guys. He's actually a Latin American guy, fairly clear about what they do and what they want to do. So actually, this guy actually claims to have an intelligence company. His intelligence company is a website, basically where they offer dumps and leaks and, you know, tons of things. I don't know if they make money or not or whatever. But you know, what's interesting is that most of the offerings from this person are actually quite open. You don't have to even go really into dark web forums or anything. Often you can find it. Here's an example. Just using some darking, we went and found what this guy was sending. We have this map that shows from all the different compromises that come out. And the clarification of why I play this individual in here is because even though I mean there is clearly a capability of doing different hacks and whatnot, normally the estimation of the impact or what it is is quite different from reality. So whenever we see this account posting something, they might say I had access to SCADA systems and what they actually had access to is maybe a SQL database or maybe the backend for websites. And then you actually go, validate and you see that actually, you know, the product that's being sold has a very big difference from what is being claimed. Yet, very prolific. This one is even cooler. This is actually a specific group of actors. They shared this control. They said it's a control for a German train. And it was for a German but for a German model train. So it's very funny because I mean, of course, to be fair, to be entirely fair, when you look at the human machine interfaces from a couple minutes ago, they do look like video games from the 80s, right? I mean normally they are not made to be beautiful. They are made to be useful. They are made with an engineering mindset that says this is how the diagram looks. It has to be useful. You have to understand it engineer that's all. So, you know, you see this, I could see in some dimension it might control train, but actually if you see the two small trains might have given a hint. What we do is just reverse image lookup and then that's how we connected to what it actually was. And then the final example of this is the most one of the newest ones that we've seen. This actor is actually interested in, it's trying to push some political messages, not actually this is more within a country. This is something more specific, very interesting case. And what they started doing is just pulling all these IP addresses from internet connected assets. And then they go, they push them, they give you a list of what it is, you know, like kind of like looking, it's very interesting. But a couple of those were kind of funny. This one is the most interesting one that it says it's a refinery. As you can see there, I mean it has the IP address, I just blanked it for obvious reasons. Mentioned the report 5900, which is the BNC, which are these connections, these remote connections for viewing. And there, when we actually went to look what it was, and we started doing some research, we go into this website that is basically a farming system. So from our refinery, it's actually a feeder. In this case, we knew it was for pigs, but it could be for horses, cows, you know, in case you're in need of one. And yeah, so those were examples of where, you know, they have gone with some random funny choices. But yeah, so let's talk right now a bit about like nailing down how say like your own findings. It's like, okay, I discuss a lot of what they are doing, how it works. As I mentioned, this is super simple, so I can share some of the simple ideas of basically what they are doing, in case you ever want to experiment and just highlighting this experiment as long as you do it in a non-harmful way and you notify the individual might be actually fairly useful from a security perspective. So for this, you know, like super quick walkthrough, this is a five minute walkthrough that I brought, it just, I want to look for this alert. It happened in the beginning of the, when it was a Ukraine conflict, I don't know if it was tied or something, it's US government. But they share this and they say there are UPS devices, it's basically what you use when the power goes out, you know, it comes, it can be as simple as what you have in your computer, in your house, but it can be also as complex as what they have in an engineering facility or what not, right? And basically, well, basically what this alert said is just like we've found some connected to internet, there were some compromises someone reported to us, please disconnect them, you know, I highlight this solution because it's great, it's just like we found them, so please disconnect them, solution. It's an easy solution, but so, I mean, if you're interested in following up on this, for example, just go and check the first thing I would go, like the thought process would be to actually look into UPS. UPS is something that you might be more familiar with, but when you go into the engineering processes, it can be super specific. So my suggestion is always looking into that specific engineering process, learning a bit about what it does, like in the first image, if they had looked at damper, and then if you want to damper is, then you see it's a docked, then you see the docked can be connected to where it's used, and that's how you start connecting what they're actually doing. In this case, the first things immediately bring UPS. The most common was APC, so I decided to go for that and in Netherlands because we were here. Amherst Fort is very close. So I just said, OK, let's see what they have in Amherst Fort. And then this is how the actor, these actors could have verified by taking a couple of minutes and looking at all the banners. And this is also what helps you go and do more interesting searches. If you go, because all of these search engines, what they do is actually go and look into the banners and then from there you actually query and then from there you actually start seeing what actually you can have access to. So yeah, in this case, I mean, you get the model, you get the firmware if you wanted to check for vulnerabilities, for example, you get an image, what it is. And in this case, it was from a small store. We're not going to bother them. But yeah. If you see, however, there are other more interesting, as I said, this is just a very quick exercise, just like to show a bit like the logic really, not much more than that. If you want to see other type of things that are compromised, this is for IP cameras. And I added 200 OK, so that we see only the ones that we can actually reach out to. They might still have password, but you can also add other filters, of course, as long as they are in the banners. And this is the amount of cameras that were exposed. Now, in specifically Netherlands. Now, the point is, I had like, this is 22 and before there's no data, this might be something about the platform, the provider. It doesn't mean that there were no cameras and suddenly everyone added them in 2022. So given that this is just like a very simple type of not really tutorial, but just like walking through the logic. If you want more, then I can share some of the hacktivist ones, because those guys actually do get more specific, right? This specific one, all of them say the same. That's also something interesting. So it's either they are like sharing from one or learning from each other. And every time one learns, the other guys start catching up. So this first one, what I had interesting is just that actually it adds that description of like, let's look into the process, what it does. And specifically, they show how to find this gas liquid system using one of the platforms that I was mentioning. And this one actually was interesting, because it was probably, I don't know, some people here might be able to read this, not me, but it was specifically from in Greek. And they were actually asking to go and attack any Turkish type of systems. So that's the reason why they are sharing this. This is another one. This one didn't have a specific target, but it was, I thought it was good to just enumerate it much easier. And basically, as simple as how they do it, they share a specific free service, Ultra BNC. You go to, in this case, they decided to show that, but it could be show that, sense is for whatever. You go, you add your query for what you're searching for it. These guys specifically tell you already for BNCs, especially for machine interfaces that are connected. That's why they provide already the ports in there. And then copy the IPs, paste them in Ultra BNC, and then you're going to see all your HMI's. That is the easiest way that you can go and do this. This scans massively. Again, I would suggest that if you do this, just don't go and poke anything in there. It's better to just go and notify, because yeah, there's a ton of vendors that are still doing this. And then, of course, we have researchers, like beyond the tool, how to learn about this, you can also just go and look at some of the research that has been done. Actually, all of these platforms, they were discussed for in control systems world for policies 2010, 11, blah, blah. So right now, actually, everyone in that group is already like super familiar. It's kind of like a daily type of tooling. And well, you can go directly to the platforms, offer some of these guidance. They tell you what to look for, how to look for it. You can go, for example, this video that you have here is a video from a researcher that just went and automated the same process that the other researchers, that the activists were doing with UltraVNC. And then the last one, it's something that really impressed me. I just found it recently, but it's actually a secured researcher that published this guidance a couple days ago. And it's like, go and find all the vulnerable sites of this country. So that's why I mentioned, kind of like the nuances between research and activism I would add. More in researchers, these are actually just some small group. I believe they were students. It's a bit unclear, but basically just build this script to go and find what's called tank gorges, which is basically when you have, for example, a gas tank or a water tank, it measures the amount of liquid you have, and it measures the temperature, it measures the pressure, and it basically, you can also change the amounts that it has of different liquids. Then, well, the tools, we've shown them quite a lot. And no tools. The last tip that I have, OK, I'm not going to do that. And then the last tip that they have is, basically, you can just literally go to Google and as long as you know what to look for. This is a specific type of controllers, for example, as long as you know what the controllers are going to bring back, it's fairly easy to go and find them. So to grab this up, the last thing that I wanted to bring, I think it's going to be a bit quicker than expected. What I really wanted to bring in here is the discussion, right? Like the cases are super fun. They're interesting. It's good to see what's going on. But the most important thing here is the implications. And this is actually interesting because in the world of control systems, most people saw this as, I don't care, it's not relevant. I mean, it's very, you know, it's difficult. It's never going to grow. And then it started growing. And if we see it from an IT perspective, it's not a sexy topic because, you know, like the compromises are so simple that some people, if they even want to talk about this, would be like, oh, you know, how do I talk about this? It wasn't internet. I like, yeah, but they need to have it there because it's part of their process. And assuming that it's going to keep on being there, then what can we do about it? If you have any ideas, if you have any research for finding this, for how to help organizations, mainly when they have less research to go and protect the systems, it would be actually something very impactful. So the big question here was, is this actually a risk, you know, for cyber physical systems, for the applications, for what we're using? And then we have a couple of things in here. And the first one is, yes, in the sense that it gives opportunities for people to learn about how to access the systems. What we saw five years ago was much more simple than one we're seeing. What we saw last week about the Iranian steel facility, what we saw in Florida, are cases that are getting a bit, you know, across the line into being funny to actually being something that, you know, is impactful. The second thing is, in terms of intrusions, the more they are, the more impactful. Just another thing we have to worry about. No one wants that. And then the third and last one is the publicity. And this is actually my favorite thing in here, in terms of discussion, which is, this encourages other actors to do it because no one is actually caring and no one's actually doing anything to stop it. If you have a ransomware gang and they go and they deploy ransom and then, you know, ex-government finds them goals and stops them, that is one thing. But if you go and poke into one of the systems, no one's gonna look for you, no one's gonna do anything at you, they don't care. So that is a big point because if it becomes something that is not relevant, then, you know, ironically it becomes relevant. So, someone is actually noticing this besides from the actual actors engaging in this, besides from the activists and whatnot. And it is actually governments, which is a very scary thing. This image is real, it's from an article that also with Mandiant, they were analyzing. And it was a document that was leaked of a specific plan attributed to possibly government of Iran. Well, not specifically the government, but it's believed that there were some relations and it seemed that it was affirmed just doing some, how do I say, consulting. And what they did is full research of what you just saw presented right now and they were saying, what can you do if you go and use these tools? And what can you find that is exposed? How can you go and attack it? And this image actually is literally the same type of research what has been argued on the research perspective is that for example, if you go and modify some of the systems that define how much cargo there are in the sides of the ship, then you can make a ship go to the side and eventually trip. This is a research it has never happened, but that's the point. That's the type of, basically some people are taking this research very seriously and therefore it can become much more impactful. But to close this, the good news, the good thing, the bright side is to finish on a cozy note is that so far we haven't seen any big physical impact. The closest we had is that case from a couple of weeks ago. So actually this slide was there before two weeks ago. So now probably we have, we don't know yet. But most often there is little risk of impact. Most often it has been just minor compromises. I hope no one of you has lost your power or the light or anything because of this. And at least we have some time to start thinking about it and see what we can do about it. And yeah, I mean, if any one of you gets more interested, please feel free to reach out. We'll be super happy to have more heads looking at this problem. And that's all from my side. Thank you. I hope you find this useful. And yeah, that's all from my side. So we've got time for a few questions. Do you know how many questions? I've got one actually. Whose responsibility do you see it being to fix the problem? Do you see it as being the manufacturers or the people who deploy this different systems to secure them? Well, there's many different responses to that. Actually, first of all, there is work that is being done by the manufacturers because before security for control systems was treated as something that you can't have access, you can't have visibility to it, so you don't need it. And recently it's becoming something more of, you know, you actually need to do it from design. So there are some organizations trying to work right now on how to incorporate that in the design process of engineering, building different frameworks. Then it's also the user. The problem is that oftentimes there are organizations that have no real budget for security, in which case, if it's a very small organization, they're not even gonna think about this, but it's definitely their responsibility. And on the security side, of course, I mean, yeah, on our side is more of the research, more of the pulling, more of the letting them know, awareness and sharing. It's a shared responsibility, I would say. For the little shop with the UPS, did you contact them and told them to secure it? Did you find that one or? No, no, that was super quick. That's something I still have to do. Yeah. I didn't go to look into which store it was as well, because I didn't want to click on their stuff. But yeah. Anyone else got any other questions at the moment? No? Cool. Okay, thank you for coming. Thank you. Thank you very much. Thank you.