Webinar - Supply Chain Breaches and OT/IoT Scenarios - Exabeam

Supply Chain Breaches and OT/IoT Scenarios

Webinar Transcript | Air Date August 16, 2022


Christopher Beier:

I wanted to thank you for joining us today and really is the last of our Seize The Breach Webinar Series around supply chain breaches and other OT/IoT scenarios. Today with international sourcing, the mixture of proprietary and open source code, the enormous variability in vendor practices, securing your supply chains is really, really difficult. The list of supply chain attacks, and we’ll go through some of them in this presentation, is pretty long and infamous. And this applies to hardware as well. You know, peripherals, networking equipment, other IoT devices, but in the end, the commonality of all these attacks that we’ll go through is the compromise of credentials and authentication followed by the abuses of network privileges and the infamous SolarWinds attack.

One of the things that really sparked the latest interest in supply chains back in December 2020, this was devastating because of its reach extending to several federal agencies, a lot of critical infrastructure entities, more than a hundred private sector organizations. It’s important to understand that this sophisticated attack was made virtually invisible unless you had the tools to uncover user behavior. But first let me introduce myself. My name is Christopher Beier. I’m a senior product marketing manager here at Exabeam. I spent 12 years in the Navy, US Navy as an IT and A submarine. And I’ve enjoyed a 25 year career in cybersecurity working for several high profile companies, which you can see.

Now, let’s talk about supply chain risk. Bad actors have been looking to make an easy buck for a long time, and they want to do it with the least amount of resistance. So one of the bigger opportunities is supply chain attacks, and these supply chains are obviously on the radar for a lot of these groups. The landscape is getting even more complicated when we think that nine out of 10 companies are leveraging open source software projects. Add to that the growing use of the internet of things for cars and smart devices, appliances, door locks, thermostats, all its growth in IoT in industries like healthcare and in energy, you have a never ending expansion of the attack surface. It’s almost in every organization. It’s essential that organizations review their cybersecurity requirements, gain visibility into their supply chain dependencies and be prepared with modern tools and practices to help prevent future supply chain attacks.

But I want to be clear, what kind of supply chains am I really talking about here? It’s about software supply chains. It’s about the act of securing the components, activities, and practices involved with the creation deployment of your software. The widespread campaign of software supply chain attacks that’s become known as SolarWinds, right? And unofficially elevated software supply chain security to the top of a lot of people’s minds, both in government and private sector. Subsequent events like Log4j has a vulnerability underscore that software supply chains are real. If you take a look at a recent survey, the 2021 state of the software supply chain survey, the top four open source ecosystems released a combined six million new versions.

That’s a lot of software potential vulnerabilities that you have to go through. And as we looked at those vulnerabilities, 29% of those projects did contain known vulnerabilities. But if you’re thinking that software supply chain threats and attacks are a new problem, they’re really not. In fact, software supply chains have been with us for many years, decades even, though they haven’t always demanded the kind of attention and response that they’re getting now. So let’s take a brief look at what we’ve seen over the last decade or so. And we’ll try to spare some of the gory details here, but I think it’s important to understand how some of these attacks worked and what the result was. Starting in 2011, where an attacker compromised RSA’s seed warehouse for the SecurID tokens.

You probably remember this attack. Allowing attackers to clone and break into other systems leveraging SecurID tokens. The attack was delivered via spear phish with an attachment about recruitment plans from an HR partner. They used a zero day Adobe Flash Player vulnerability to drop a Poison Ivy RAT, probably remember that happening. Of course, infamous Target attack coming through the HVAC company for the heating ventilation, allowed access to Target, hacker Target server and placed malware on the point of sale systems. If you look a little even closer to that attack, they waited for an update for the point of sale systems. They were inside the target for a very long time. And part of what they did is they allowed an update to be tested, changed the package for that update to include their attack, and then Target basically updated themselves with the attack.

Of course, the results were compromised over 40 million credit cards and debit cards, 18.5 million in settlement claims, and untold reputation damage. Target even estimated that they’ve had over 200 million worth of impact, right? CCleaner, I don’t know if you’re familiar with this one, March 2017. And again, this is a highly popular piece of software compromised included the backdoor ShadowPad in which they breached via stolen credentials. They installed ShadowPad malware to affect software distribution systems. And these binaries were legitimately signed because they had the credentials. Allowed the attacker to record keystrokes and other password stealer things, 2.27 million compromised downloads, and 1.65 million communicated with their command and control servers. The ASUS attack. Again, this was another update service delivered malware to thousands of customers, impacted over a half a million computers. Targeted 600 specific computers via MAC addresses. So these folks are really looking for access to certain areas.

You know, Operation ShadowHammer had similarities to ShadowPad. And it’s the same group that was linked to the CCleaner attack. Of course, we’re going to talk a little bit about SolarWinds and just remind you what happened there. The Sunburst malicious code deployed by SolarWinds, widely trusted software over a hundred thousand customers. It impacted some 18,000 customers, but the malware waited 12 days before executing and started initiating its command and control communication. They had 264 days from malware compilation to when it was detected. So again, long dwell time for the SolarWinds attack. And of course, some very high value customers out there. And finally, Log4j, that’s the latest software supply chain vulnerability. Log4j was a logging utility used by nearly every cloud service and enterprise, which allowed folks to gain access to a significant level of servers and threat landscape.

As we look at all these types of attacks, the lengthening software supply chain has dramatically increased the attack surface that skilled cyber criminals are taking advantage of. Software publishers today are concerned not only about the delivery of features on time, but they should also be concerned about whether their software is going to make the next headlines as the next supply chain attack. And we take a look at various risks here, here’s the top four supply chain risks that we’ve learned from these types of attacks, starting with third-party risk. It’s an unfortunate reality that impacting supply chain, cyber security, that your third-party vendors maybe are not taking it as seriously as you do. For example, in a recent survey, only 51% of respondents reported their companies can protect their software from a third-party risk when using open source or commercial solutions.

This is a worrying statistic to me as a threat environment is ever increasing, and cyber criminals are taking advantage of a lot of software dependencies. It’s even more concerning when one considers that the reliance on third-party and open source software will only continue to grow. In the same survey, I found another concerning statistic that if you have the ability to detect whether somebody is tampered with your software within your supply chain, only 37% of those respondents said yes. Digital risks pose yet another threat to supply chains is unavoidable that as we’re going online, as we’re transforming digitally, the more digital solutions you add to your ecosystem, the more potential gateways cyber criminals have. These exposures have caused several software vulnerabilities, zero day attacks, and if you overlook what you’re putting into your environment, you’re subject to ransomware attacks or other security breaches, process disruptions, non-compliance with your regulatory standards.

So it’s again a growing threat as we see the threat growing. Supplier fraud, I found this history, it’s a little bit off topic from just this software supply chains, but it’s one of those things that has taken center stage when you receive those emails. So supplier fraud or vendor fraud is when a cyber criminal is claiming to be a known retailer, request a change to their payment process, they even identify them themselves via social engineering techniques, AI generated voice mails is a bigger one, the phishing attacks and even deep fake video recordings. So if you received any of these messages, hey, if you only change it to this account, we’ll be able to accept your payment. This is part of the threats that are against our supply chains.

At the same time fraud events impacting the global supply chains aren’t limited to just suppliers. The growing number of data breaches and other events called by third-party vendors, falling victim to various social engineering attacks, fraud is still on the rise and it’s prevalent and a problem. According to the Federal Trade Commission, Americans lost 5.8 billion to fraud in 2021 and an increase of 2.4 billion, with a B, since 2000. And then finally data integrity is one of those other areas that we need to be aware of as supply chain risk. Data integrity throughout the supply chain is significant area of concern, security measure should ensure all data states are secure, whether it’s in rest or in motion, encryption practices are especially important between third party integrations, because the hackers already know, and they’re targeting your third party vendors because they likely have access to that sensitive data.

Now let’s take a look at the next step here is the IoT types of attacks. I’m certainly not going to go through all of these as we did with supply chains, but a couple of early ones I want to make you aware of just in case we forgot. One of the first industrial cyber security incidents that noted publicly happened in 2000 where a privileged insider, again somebody with credentials, gained unauthorized system access and maliciously interacted with a system in Australia causing a very large spill of untreated sewer water into the Maroochy Shire River in Australia. In 2003, the Slammer worm caused unintended loss of visibility to the Davis-Besse nuclear plant. In 2010, we know of Iran’s nuclear facilities and a zero day attack that happened there, know the results was a physical destruction of their centrifuges.

We all know that one as Stuxnet. In 2015, Ukraine suffered a power outage due to a cyber attack. And later in Saudi Arabia, first known instance of vulnerability and emergency shutdown device, Saudi Arabia suffered an attack as well. Obviously, multiple instances of ransomware, wiperware and other attacks have occurred globally. What you need to understand about these attacks and many of these attacks required specialized knowledge of the organizations or of the industrial devices, but in a note, in a recent article by Mandiant, most of these attacks were executed through endpoints in commodity systems. While we’re dealing with these attacks worldwide spending on IoT security was expected to reach 3.1 billion, again, with a B, in 2021, and noted by another security vendor as many as 5,200 cyber attacks were launched against IoT devices each month.

If we look at the risks associated with IoT, according to a recent state of the enterprise IoT security for North America study, that was commissioned by Armis, 67% of enterprises have experienced an IoT security incident. Let’s take a look at some of these threats for 2022. Number one is unencrypted data storage, IoT devices collect a huge amount of valuable data throughout the day, much of which is stored in the cloud. This data can make IoT devices a great target for hackers and other cyber criminals. So it’s essential that we store the data, whatever they’re collecting, securely. It’s also important that whenever that data is transferred between devices, it’s also done securely, ideally across an encrypted connection. Unfortunately, many IoT devices do not yet have the reliable firewalls and other security features, which leaves this data very vulnerable.

The second threat here is financial information. Talk about things that are being collected by some of these devices. Some IoT devices have access to the users financial information. When these devices have access to these types of things like credit card information or bank account information, they quickly become for hackers. In the third risk here is those devices that have access to your physical property. Another huge security risk to consider is the fact that some IoT devices are often connected to the physical property in some way. So if they can turn off those cameras, undo the locks, that leaves that physical location open. And one of the last couple here, one that warms my heart of it is the weak passwords and ID verification.

We have to really understand what these devices are doing within our network, but more importantly, how do people gain access to them? A strong password is essential for protecting these devices. Unfortunately, many IoT devices are not password protected, even if they are password protected devices, many users choose options that are very, very simple, easy to guess that leaves your IoT devices very vulnerable to hackers. And there’s even many devices out there that have hard coded passwords. If you ever tried 0000 to get into your router, you can probably figure that out. And of course, all of these devices are being used by hackers as from a botnet kind of specificity. IoT devices, electronic devices that connect to each other, not all these devices are created with good intentions. Cyber criminals can take existing IoT devices and use them to infiltrate secure networks.

So what can we do about this? What are the steps of CISOs and IT security teams are taking to mitigate these risks from supply chains and IoT attacks? Well, in my research, what I wanted to bring to you guys today is a little bit of what’s happening both at a macro and micro level, and starting with the federal government here in the US and the executive order that President Biden put out there, order number 14028 on improving the nation’s cybersecurity stands. In section four, the president announced the need for supply chain security improvements, and a subsection within this section four, I asked the director of NIST to publish preliminary guidelines based on consultations with whatever information they could find and drawing on existing documentation, as much as can be practical to enhance software supply chains and meeting the requirements of this section.

A couple of the excerpts that pulling out of here, as examples of what they were looking for, companies are using following questions to determine how risky suppliers are in their cybersecurity practices. For example, they wanted to bring vendors in on site to address any vulnerabilities of security gaps. So they’re asking questions like, how is your software code tested for code quality and vulnerabilities? What levels of malware protection are being used? What steps are taking to prove that you’re tamper proof, and that there’s no back doors left in your code? You know, this only prompted an additional excerpt that you should only have approved vendors and in any parts of the software package that you borrowed from other vendors need to be unpacked, inspected, x-rayed before being accepted. And then finally, as additional excerpt from the executive order and the NIST guidelines was to really have tight controls around on access.

What are the access controls, both cyber and physical? How are they documented and audited? How do they protect customer data? What is the data encryption? How long is the data retained? And so on lots and lots of questions to take a look at how things are being protected for your supply chains. If you take a look at one other way of looking at this is the folks over at MITRE supply chain security obviously was very high profile with SolarWinds and Log4j but there was no single way or agreed upon way to define and measure supply chain risk. To that end, MITRE built the prototype framework for the information and communications technology space that defines and quantifies risks and security concerns over supply chains, including software. When they put this together, they created what they call a System of Trust, it’s a prototype framework, in essence, the standard methodology for evaluating suppliers.

So some of the features that MITRE put in place here is having a common taxonomy. Obviously we have to have the right language so that we can share the risk or understand the risks of support within our supply chain, suppliers and services. They wanted to find a way to make a consistent conversation around assessments and risk discussions, informing data decisions about supply chain risks, being able to source and apply these risk assessment information, having some way to measure what those risks are, providing cost efficient assessments of risk, and establishing a way of getting the training and the security best practices to everybody out there. Again, a couple of different ways of thinking about how do we deal with supply chain risk. In my kind of study, I went to dozens and dozens of places trying to find all the different controls and technologies that might be out there.

And you might imagine, I just found a spaghetti of different tools. While all of these are effective to some degree, it’s hard to discern from the long list of security controls and options, what would be best to support protecting your supply chain IoT environments? Is it third-party risk assessments? Is it data encryption? Is it attack surface monitoring, incident response planning, penetration testing, software bill of materials? Was very popular. User behavior analytics, XDR, EDR, SIEM, network intrusion detection, shifting left your security and monitoring the CI/CD process. As you might mentioned, everything jumbled up together. And with a lot of these solutions, they don’t have the connection of communication to get the greatest context, but leave it to the very smart guys out there. And an article from the Federal News Network entitled “Identity is everything for cyber defense post-SolarWinds.”

This article, I found it fantastic, highlights a number of takeaways from the SolarWinds breach. Not of least is right in the title identity is everything. According to the cyber security infrastructure security agency, a strategist there named by the name of Jay Gazlay, the hacker exploitation of verified credentials was highlighted as a critically important and the importance of identity controls and stopping these types of security breaches, particularly with an increasing use of cloud applications. He made some very interesting observations within this article. Of those who had the best shot of detection, were those agencies that had behavioral analysis techniques built into their identity management. Those who could flag anomalous activity, particularly the idea of impossible logins. If you have somebody who’s in California and they log in at 10:00 in the morning, they shouldn’t be able to log in again from South Korea at, at 10:00.

Within these federal agencies that did not have tools to detect anomalous activity, they would never be able to detect similar user impersonation attacks, which are becoming very fashionable for adversaries. And of the last observation that he made here was security should be automated as much as possible. Asking people to sort through individual indicators of compromise is a very, very hard task. So I took that and said, okay, what we’re really talking about here is the different levels of unauthorized access. And if we get a handle on these things, then we’ll be able to best manage our supply chain risk. But many of these tools that you might have for compromised credentials or privileged user monitoring, or service account monitoring, they don’t work together. They’re static, they’re fixed, unable to see the big picture using just correlation rules as the case may be.

We bring in User and Entity Behavioral Analytics. So UEBA as an acronym stands for User and Entity Behavioral Analytics. This is a technology that uses machine learning to understand how humans and machines normally behave so that you can identify and find high risk activity. You know, that deviates from the norm in which might be indicative or some sort of malicious activity or threat. Let’s face it, dealing with the rules or static detections are no longer cutting it. Reason number one, IOCs are static. They’re not very effective. Today’s attackers constantly change how their attacks work. This means using old indicators of compromise like their URLs or IPs or domains or file hashes. You’re not going to find some of these new attacks. Instead, looking for behavior of an attacker might be more effective. Number two, many of the attacks involve insiders, whether they’re malicious insiders or compromised insiders, these users are already in your system.

They already have access and they know where the crown jewels are. And in light of this, they don’t often set off the alarms. At a very simple example, a couple of points that you need to understand about abnormal behaviors is even though your database administrator might have access to a database, is it really normal for them to download that database at 3:00 AM on a Saturday morning? Right? These are the types of abnormal behaviors that you should be looking for. So how can UEBA help? Instead of all that manual rule creation, maintenance, UEBA uses again, machine learning and advanced analytics to track and analyze what’s normal user behavior over time, comparing it to other users in a peer group. Once UEBA establishes that baseline of normal behavior, it flags any activities that are abnormal behavior automatically.

However, instead of just sending all those alerts to you, because you’re already receiving a lot of alerts, UEBA can ingest data from all of your other security solutions and multiple log sources, analyze and stitch this information and context together into a single timeline, and then apply risk scoring to the abnormal behaviors it collects. Then alert you only when the overall risk level of these behaviors exceeds a certain threshold.

What I like to do is take a closer look at UEBA and how it would help with those unauthorized access risks that we identified just a minute ago in your supply chain. The first, and probably the number one concern is compromised credentials. According to Verizon data breach investigation report in 2020 and 2021, there is a significant problem with stolen credentials. The problem that occurs is once a hacker has that stolen legitimate credential for a system, they can obtain the access as that user. And at that point, a lot of your security tools are unable to distinguish between that malicious activity and that of the compromised user as a trusted insider. The key comes down to behavior. Once UEBA has an established baseline for that user, it can identify things that might indicate the user’s credentials have been compromised.

Some behavioral indicators include abnormal account access, such as odd times, or from odd locations, unusual access patterns, device usage, application usage, and more, if they’re not normally logging into certain servers, then we’ll be able to distinguish that as an abnormal behavior. In essence, by comparing the user’s behavior against their baseline and that of their peers, it’s possible for UEBA to automatically find these types of threats. Privileged user monitoring. Here we are concerned about a special subset of users who have access to your high value resources, such as the databases or those who have administrative rights, intellectual property, and so on, because these users have access to critical assets. They could cause the most damage if they were malicious and/or compromised. Oftentimes these users’ work patterns may occur to be odd too, and unpredictable, because they’re trying to fix things because they have that level of access and fixing problems like an interruption in your application availability.

So UEBA comes in and helps in a couple of different ways. The first is to identify these users based on their contextual behavioral data. Do they normally interact with that sensitive database or do they perform admin operations on this other server? Then they are acting like those privileged users. Secondly, UEBA can view that user’s behavior across multiple data sources to find deviations in that user’s baseline, which may indicate that something’s wrong. The powerful combination of using UEBA with other tools like a privileged access monitor or privileged access security tools allows you to connect the context of the data from these tools. So the data from your PAM tool alongside any other data security tools may allow you to find these risky users and then risk score can then be fed back to those tools so they can trigger alerts and other corrective actions.

Next is compromised systems, hosts, and devices. Obviously, we just talked about privileged users, now we’re talking about the many types of assets that you have in your organization that may also be compromised, including assets like routers and printers. IoT assets like cameras, sensors, OT assets that may exist in manufacturing or any heavy industry environments. All these are potential vulnerabilities and have vulnerabilities to compromise. For attackers, IoT and OT, these are great targets. You know, they’re looking for these types of devices. IoT is a way to enter the organization through a smart device or something that has a default password and be able to traverse your network and move laterally once they’ve come in. In many cases, they have the same security controls that the rest of the organization, multiple users interacting with them.

It’s really one of those areas that make up the modern attack. UEBA helps firstly, by classifying these devices often by behavior, this is a server, this is a workstation, and then you’re able to value baseline again each asset to define what its normal operating condition is. And then finally allowing you to detect the abnormal activity and the associated users that are connected to these devices, right? Data exfiltration. We’re nearing the end here, but again a lot of areas where you can really improve the security of your supply chains. One area is data exfiltration. This is where your sensitive data is explicitly transferred outside the organization. You know, the problem might be that though you have other tools in place like data leakage protection is the main tool for tackling this kind of problem.

These types of tools sometimes have a huge false positive, false negative rate. So either you’re running wild to find data exfiltration across your whole network in a very unmanageable number of false positives, or you’re scoping it down and only managing and looking at a very subset of your data, leaving you open to the possibility that you’re missing something. Either solution is not a great solution. UEBA can be a perfect complement to the tools that you have in place for DLP. First off, it can find data exfiltration by itself looking at the behaviors of entities happening in your environment with or without the help of your DLP. But again, combining these tools together gives you another set of eyes that are looking at your data for abnormal data access, abnormal transfers of data, and so on.

Secondly, UEBA assigns risk scores again to every user who’s accessing your data and identifying who is behaving abnormally. So finding a DLP alert and also has a high risk score for a user might be extremely valuable. Lastly, UEBA often finds data exfiltration earlier in its life cycle before the user actually moves the data outside the organization, giving you an earlier chance to identify this abnormal behavior. And that might be indicative of the particular threat, even without exfiltration actually occurring.

Now, one area that is often missed is just looking at failed login attempts and account lockouts. You know, everybody mistypes or fat fingers a password once in a while, but yeah, some of you might be rolling your eyes right now about including these things in the list, but it’s worth pointing out how prevalent failed logins and account lockouts are indicators of something bad that’s happening in the environment. I know it happens all the time and you never know what’s really going on out there until you take a look at the other indicators or activities, the behaviors that are happening around an account lockout. Each time this happens, it can take a couple minutes or a couple of hours to get the due diligence needed to sort out the problem.

And that time adds up. So where does UEBA help? Similarly, to what we talked about for DLP, the key here is two-fold, a behavior, the context, the prioritization, these areas are going to help you with this area. UEBA understands normal behavior, it can assign a risk to things that are abnormal, and also has a wealth of information about other systems that are in your environment. For example, forgetful person or someone who has fat fingers. UEBA knows if the user recently had a password reset. It also knows if the user or asset is behaving abnormally in other ways, for example, perhaps a password spray campaign is happening, and from that user’s point of view, a single lockout is not an indicator, but multiple lockouts on multiple devices that are happening succinctly or in a short period of time, have a greater chance of a higher risk score. In short, UEBA has the context needed to help your analysts make judgements on what they do about each lockout and whether it’s an indicator of something else that’s going on.

Finally, service account misuse. This is very important. The problem is difficult for a number of reasons. First, many organizations don’t even know how many service accounts they have. Secondly, service accounts are often high privileged accounts to do their jobs. This means they can be very damaging if compromised or abused, and you have limited visibility into these accounts. So it’s a bit of a perfect storm of all the ways unauthorized access can step in here. UEBA again, helps in a number of ways with service account identification, learning the activities of these accounts and users. They have totally different behavior patterns from other users, and they can be predictable. So it’s very clear from the baselines when that abnormal activity is occurring, and you’ll be able to see that activity within the system. Thirdly, should a breach occur, most UEBA tools automatically piece, again, the evidence together that shows what happened, which should make your investigations easier and more straightforward.

So finally, before we part ways for this particular webinar, I wanted to give you a few tips on how to pick a good UEBA tool. These concepts can help you cut through a lot of noise and find the tools that are going to be the best bang for your buck, and ultimately, help you support and defend your supply chain and other IoT devices. So here’s six reasons to what you should be looking for. Look for a UEBA tool that has a broad data source support, specifically support with all the tools that you’ve already invested in. This is not a replacement, but something that’s going to make all the tools you have that much better. With this support, UEBA can make these tools deliver better detection and by drawing all those contexts together.

Look for a tool that really understands and is able to baseline that normal behavior. This is critical, crucial. There are many analytics companies out there that simply package up a bunch of correlation rules and it’s not the same as machine learning. Make sure that your UEBA solution is actually learning and baselining and identifying what’s normal so that it can show you what’s abnormal.

Part of understanding that normal is being able to compare a user against their peer group. Active Directory data is often incomplete or out of date. Dynamic peer grouping allows your UEBA solution to compare one user against their peers. So if one user is behaving abnormally, you’ll be able to identify that. And it does this by finding users’ normal baselines, again, that are similar and dynamically grouping them together, either by application or even if they work for the same boss, then the system can compare deviation from that baseline. Lateral movement tracking is very important here. Not all tools are built equally to do this in terms of their ability to follow attacks. You know, when you’re looking at these tools, ask your vendors what their capabilities are, see a demo, a proof of concept, make sure that you’re happy with the ability to track movements across your network.

Part of being able to do that is to understand timelines and making sure you know which events happened when, and what that incident looks like from the very beginning. You’re going to find plenty of tools out there that miss some of the early components, but when you stitch all the information together in a timeline, you’ll have a better understanding of what’s happening within the environment. And you need to be able to understand it sufficiently what happens when an attack, without having to go back to your SIEM to dig up the raw logs. You want to be able to automate this as much as possible so you can gather the evidence in order to improve your team’s productivity. And finally, SOAR integrations. If you have a SOAR tool, fantastic. You want it to integrate with your UEBA tool of choice. After all, when you find something that’s deviant, you want to be able to react and respond to that. Having the ability to automatically respond to detected threats provides a faster response time and furthers your productivity.

So that’s what I had for you this morning. I wanted to bring to your attention seize the breach around supply chain breaches, and IoT risks and different ways that you can solve this problem with an emphasis on really understanding user behavior and the tools out there to solve some of these unauthorized access questions. Let’s take a look to see if there’re any questions. Were there any questions in the question panel? Because I do not see anything in the chat panel. Great. I wanted to thank everybody for joining us today, and we look forward to having you on a future webinar. I’ll give you 10 minutes back.
