In February 2019, the group behind the Triton attack on oil and gas companies changed their tactics. The group started scanning electric utility companies for vulnerabilities, according to critical infrastructure security firm Dragos. The capability to attack more than one target suggests the actors in the group have become more sophisticated and better-funded. The problem is that, while attackers have increased their capabilities, defenders still remain stuck with a limited number of tools. Most governments and companies targeted by such attacks are left with a single option: Learn about the attackers and then kick them out of the infrastructure.”]