Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Incident responses

   Have you suffered an incident? Contact us

Logo respuesta a incidentes de ciberseguridad - INCIBE

Citizens: Incidencias INCIBE-CERT

Companies: Incidencias INCIBE-CERT

Institutions affiliated with the Spanish academic and research network (RedIRIS): Mailbox of RedIRIS

Critical infrastructure operators: Buzón PIC de INCIBE-CERT

Digital service providers: Incidencias INCIBE-CERT

If you wish, you can also contact us through the following form.

INCIBE-CERT, as a reference security incident response center for citizens and private law entities in Spain, has the following functions:

  • Offer technical support and provide information to help resolve cybersecurity incidents within its scope of action.
  • Employ early detection techniques for incidents, notifying the affected parties so they can take action.
  • Maintain contact with Internet service providers and other CERTs (both national and international), notifying them of the incident so that measures can be taken to limit or prevent its continuation.

INCIBE-CERT does not have among its functions: 

  • Carrying out direct actions on the resources used in cybersecurity incidents, such as:
    • Shutting down websites
    • Blocking telecommunication network resources
    • Blocking social media profiles
    • Blocking or closing other digital resources
  • Carrying out actions that fall under the jurisdiction of the State Security Forces and Bodies, except for notification and coordination with all involved actors to improve effectiveness in combating potential crimes, such as:
    • Pursuing cybercriminals
    • Actions against thefts or leaks of information
    • Actions against digital harassment situations
    • Other cybercrimes
  • Resolving doubts or inquiries within the scope of cybersecurity on issues such as:
    • Legal matters
    • Consumer related issues
    • Copyright
    • Domain registration for .es
    • Legitimacy of websites
    • Other doubts or inquiries.
  • Filing complaints with:
    • The State Security Forces and Bodies
    • The Spanish Agency for the Protection of Data (AEPD)
    • other types of complaints or emergencies

In its role as a CERT(Computer Emergency Response Team), INCIBE-CERT provides services for cybersecurity incidents reported by citizens and companies in Spain. The purpose of the service is to provide INCIBE-CERT's target audiences with the technological and coordination capacity to offer operational support in the event of cyber threats or cyber incidents.

This service is continuously available to citizens, companies, digital service providers, member entities of RedIRIS and strategic operators on a 24x7x365 basis.

INCIBE-CERT's specialised technical incident response team provides technical support for cybersecurity incidents. To protect the confidentiality of the data provided, INCIBE-CERT has PGP public keys that allow their encryption.

Likewise, if the incident involves a crime, INCIBE-CERT facilitates the arrival and coordination with the State Security Forces and Corps in the event that the affected party wishes to file a complaint.

In addition to receiving incidents through the mailboxes for this purpose, INCIBE-CERT uses techniques for the anticipation and early detection of incidents based on the aggregation of information sources. This makes it possible, on the one hand, to produce alerts and warnings on campaigns to improve protection against cyber threats. On the other, for the early detection of incidents, it notifies the affected party and liaises with internet providers and other CERTs if necessary.

Within the actions under way to collaborate in the fight against fraud, we pay special attention to cases related to '.es' TLD domains, for which we work very closely with dominios.esdominios.es. The cooperation of customers and users of the affected service is essential to properly block fraudulent content and avoid the impact it may have on these users.dominios.es. The collaboration of clients and users of the affected service is essential to properly block fraudulent content and prevent the impact it may have on said users.

The Incident Response service is aimed at:

  • Citizens: through the Office of Internet User Safety and the Incidencias INCIBE-CERT email address.
  • Companies: through Protect your company and the Incidencias INCIBE-CERT email address.
  • Institutions affiliated with the Spanish academic and research network (RedIRIS): through the Mailbox of RedIRIS email address.
  • Essential and critical infrastructure operators: through the Buzón PIC de INCIBE-CERT email address.
  • Digital service providers: through the Incidencias INCIBE-CERTemail address.

Contact the incident management service for RedIRIS. If you wish to obtain further information about incident management, you can check the following links:

RedIRIS also provides a list of valuable services, in collaboration with INCIBE:

  • The restricted list for security officers of member institutions of RedIRIS for the coordination of security incidents. At least one contact point per member institution must be registered on this list.
  • The activities that INCIBE, in coordination with RedIRIS, provides to RedIRIS member institutions are: incident management, technical advice, procedures, action guides, courses, recommendations, etc. INCIBE supports RedIRIS in those national or international forums or activities related to the provision of the Incident Response Service.

No, when you refer a cybersecurity incident to us we will evaluate the actions we can take with the associated digital resources depending on the type of incident, but in no case does this replace the filing of a report with the State Security Forces and Corps. This complaint must be made by the interested party, and in person.

From the point of view of reporting this type of situation, INCIBE-CERT has neither the legal authority nor the power to undertake this type of action. But you can talk to the INCIBE Cybersecurity Helpline through its different channels, which offers help and psychosocial support in cases of digital harassment for minors.

Yes, at INCIBE-CERT we can offer you the guidelines and considerations to take into account for containment, mitigation and recovery in the event of a web intrusion or attack on your company. These guidelines and considerations should be implemented by the technical staff of the organisation concerned or its outsourced technology and/or cybersecurity company. All the help we can offer you from INCIBE-CERT in no case replaces the company or tech personnel with whom you work. In this sense, we are a facilitating agent so that you can resolve the incident as quickly as possible. As always, we would appreciate it if you could provide us with information regarding the attack, such as IOCs and hosts involved in the attack, in order to make appropriate notifications and expand our knowledge base.

If you are a citizen or a company and want to ask us a question or resolve any doubts you may have about cybersecurity, you can contact us via the national, free and confidential telephone number 017; or the instant messaging channels on WhatsApp (900 116 117) and Telegram (@INCIBE017). A multidisciplinary team of experts will attend you from 8.00 am to 11.00 pm every day of the year (including Saturdays, Sundays and public holidays). All information on this service is available on the Cybersecurity Helpline.

INCIBE-CERT does not have the power or authority to return a domain to its rightful owner. Depending on different variables, from the registry authority itself or by filing a complaint, you may be able to recover your domain. For domains of the '.es' TLD, is it possible to use the out-of-court conflict resolution system (DRP)? For the use of '.es' domain names developed by the public corporate entity Red.es to claim ownership of the affected domain, alleging the legitimate interest that you may have as the claimant. You can find more information at this link: recover your domain. You can also request dominios.es to cancel the domain if your case falls within the cases set out at: cancel your domain

No, INCIBE-CERT does not have the power or authority to act in this type of situation. If you wish to report an emergency or require immediate police presence, you should call the emergency number 112, so that your case can be assessed by professionals and the appropriate emergency services can be activated.