Cyber Incident Victim: Scutum
Date: Nov 2020
Location: France
Summary
A French subsidiary of the security firm Scutum suffered a ransomware attack in which a cryptolocker encrypted part of its information system overnight. The incident took the company's websites offline and led to the preventive shutdown of email services and some infrastructure components, while surveillance systems and customer support platforms remained operational. Initial investigation found no evidence of data theft; the company notified the national cybersecurity authority and brought in external specialists for remediation. External scan data showed that Citrix systems belonging to the company had gone unpatched against a known, actively exploited vulnerability, with at least one still exposed up to the time of the attack, a possible entry point for the intrusion.
Description
The Scutum incident began with a ransomware attack on the French subsidiary of the security specialist group during the night of November 1-2, 2020. The company detected the compromise of its information system after a malicious cryptolocker encrypted portions of its infrastructure. The immediate impact was the unavailability of the public-facing websites myscutum.fr and securite-sf.com, while the operational systems for video surveillance, customer support (SAV), and maintenance remained functional. As a containment measure, Scutum proactively shut down its scutum.fr email service along with selected infrastructure components and services. The company launched a forensic investigation and, at that preliminary stage, found no evidence of data exfiltration. Its response included formal notification to France's National Cybersecurity Agency (ANSSI) and the engagement of external cybersecurity partners to assist with system remediation and hardening.

Technical analysis pointed to prolonged exposure through unpatched vulnerabilities in Scutum's infrastructure. Two Citrix ADC (NetScaler) and Gateway systems remained vulnerable to CVE-2019-19781, a critical path traversal flaw leading to remote code execution: according to Shodan data, one system was unpatched until late July 2020 and the other until late August. Independent analysis by Onyphe indicated even longer exposure windows, with one system still vulnerable until early October 2020 and the other still unpatched as of November 4, three days after the incident. These dates come from external scan observations, so they indicate when each system was last seen vulnerable rather than confirming when it was patched. The company did not publicly disclose whether these vulnerabilities were the entry point for the ransomware intrusion. Business continuity measures preserved core monitoring and service operations while recovery focused on the encrypted systems and on restoring email. Scutum declined media inquiries throughout the immediate aftermath, limiting the public details available about attack vectors or ransom demands.
