Blog

Contenido Blog

Secure configurations in industrial devices

Posted on 10/08/2023, by
INCIBE (INCIBE)
Secure configurations in industrial devices Blog cover
Within the industrial world, systems can be detected that do not have all their cybersecurity capabilities activated. This can occur for a variety of reasons, but if detected, each case must be analyzed to get the most out of each device. The ability to robustly configure programs, services or other nuances within industrial systems is called bastioning and allows, among other things, to prevent assets from having a large exposure to the network or the solutions deployed in the system from having vulnerabilities resulting from misconfiguration.In this article, we will begin by explaining what hardening is and how to apply it to our industrial network, along with some good practices to follow.

Maze, Egregor and Sekhmet: response and recovery actions

Posted on 03/08/2023, by
INCIBE (INCIBE)
Decorative image with skull and red background
The history of cybersecurity is marked by names that have left an indelible mark on the field of digital threats. Among them, Maze, Egregor and Sekhmet stand out as notable ransomware variants, whose similarities go beyond mere coincidence. In this article, we will unravel the tactics these ransomwares employed,  the encryption mechanisms they used, and the evasion and propagation strategies they employed. The review of these malware will offer us a deeper insight into the persistent threat of ransomware, as well as the importance and need to strengthen our cybersecurity posture.

Purple Team increases the effectiveness of the Red Team and Blue Team in SCI

Posted on 27/07/2023, by
INCIBE (INCIBE)
All about Purple Team increases the effectiveness of the Red Team and the Blue Team in SCI
The Purple Teams are exercises in which three very well differentiated teams participate: a Red Team, a Blue Team and a Purple Team. The Red Team will be in charge of carrying out attacks on the defined structure, the Blue Team will be the team in charge of defending that structure and the inclusion of the Purple Team allows the two previous teams to communicate with each other and be organized correctly thanks to the work of the purple team. This is why the Purple Teams allow a great number of advantages to be obtained with respect to carrying out the exercises separately and without coordination between them.This article presents all these advantages and much more about Purple Teams.

"Good practices for the recovery of industrial systems (II)”

Posted on 20/07/2023, by
INCIBE (INCIBE)
Decorative image notebook with headlines emergency, response and plan
When a security incident occurs in an ICS (Industrial Control System), depending on the severity of the incident, it can generate a serious problem, both at a productive and economic level, as well as in the security of the people working in the industrial system.Therefore, in this article following the one entitled "Good practices for the recovery of industrial systems (I)", response plans will be discussed from a point of view oriented to current regulations, as well as their applications and necessity in critical industrial environments, such as the energy sector. 

Good practices for the recovery of industrial systems(I)

Posted on 13/07/2023, by
INCIBE (INCIBE)
Good practices for the recovery of industrial systems(I) decorative image
When a security incident occurs in an ICS (Industrial Control System), depending on its severity, it can generate a serious problem, both at a productive and economic level, as well as in the security of the people working in the industrial system.Therefore, in this first article of a series on this subject, we will explain precisely the recovery plans, some general guidelines for their development and some conclusions on the use and applicability of these plans.

Ragnarok: response and recovery actions

Posted on 06/07/2023, by
INCIBE (INCIBE)
Decorative image Using recovery tools and processes: ragnarok
At the end of 2019, the Ragnarok (or Asnarok) ransomware appeared leaving a trail of digital victims in its path. The malware not only encrypted the files and demanded a ransom, but also threatened to erase and publish the stolen data. This article offers an in-depth look at Ragnarok, from its design and motivation to its methods of infection and spread. In addition, it provides different methods of response and disinfection.

Improve your systems thanks to virtual PLCs

Posted on 29/06/2023, by
INCIBE (INCIBE)
Decorative image Improve your systems thanks to virtual PLCs
In recent years, the constant technological evolution has made possible a large number of advances that would have been unthinkable years ago. In industrial environments, one of the latest developments that promises to stand out and is here to stay are virtual PLC.The virtualization of these controllers will make it possible to decouple the hardware from the software, i.e. the software will be installed in the engineering stations, while the hardware will remain in another area outside the production area.

IDS solutions in industrial environments

Posted on 22/06/2023, by
INCIBE (INCIBE)
Decorative image IDS solutions
IDSs are passive elements that are in our network to ensure its security, but what would happen if all our communications were encrypted, or would this protection measure be enough to ensure that my network is protected? These questions and more will be discussed in the following article to provide solutions and advice focused on industrial environments.

LoRaWAN and its contribution to IIoT

Posted on 15/06/2023, by
Pablo Baltuille
Decorative image LoRaWAN and its contribution to IIoT
The Industrial Internet of Things (IIoT) has experienced considerable growth in recent years, providing crucial improvements. However, it also has some limitations in terms of consumption, security, cost or scalability. In this blog, we will see how the appearance of LoRaWAN in this area can solve part of those limitations.