Blog

The aim of Cybersecurity Highlights service is to gather all relevant news related to cybersecurity through the year. This is the article that summarizes those news that have been more important in 2017.

Denial-of-service attacks are a type of cyber-attack which consists on reducing or cancelling altogether the capacity of servers or other computing resources to provide service. A denial-of-service attack can occur in different scenarios, such as overloading online services by mass request sending or exploiting vulnerabilities of programs or services in order to suspend function totally or partially. In most of such attacks, attackers use a wide range of techniques and tools to hide their identities, which makes it especially challenging to find the culprits.

The year 2017 has come to an end, maintaining the trend of previous years, we have witnessed an increase in the number of vulnerabilities published affecting industrial control systems. Fortunately, companies are making greater efforts to prevent attacks and mitigate risks. For this new year 2018, a similar scenario is expected in which industrial cybersecurity still increases its importance.

The constant pressure from operating costs and the halt in investments due to the crisis have made it so industrial systems have had to improve the administration of their assets in order to lower product prices, thus recurring to IT solutions. The result is that industry is changing in the way its processes are managed and operated in order to integrate them in business.

The Internet of Things (IoT) has started to become part of daily life in society: intelligent homes, intelligent education, intelligent healthcare, wearable devices, the Internet of Vehicles (IoV) and other industries make great use of this technology, with it playing a key role in the digital transformation and the hyper-connection of their elements.

The Open Web Application Security Project (OWASP) has published the 10 most critical web application risks, 2017 edition, which points injection attacks as the greater security risk once again, as in the 2013 and 2010 editions.

Tomando en consideración las amenazas y los riesgos detallados anteriormente queda de manifiesto la necesidad de desarrollar acciones o modelos de protección para mitigar las vulnerabilidades que surgen del tratamiento de los datos de los usuarios así como prácticas de seguridad en la funcionalidad y el despliegue de tecnologías IoT.

The protection of critical and strategic infrastructures in our country is a task that must be tackled by all the agents involved in a public-private cooperation framework.

The IDS, IPS and SIEM are equipment originally designed for IT environments but whose adaptation to TO environments has been forced in recent years due to a proliferation of attacks on industrial environments.