En esta sección se ofrecen contenidos de interés para los profesionales que manejan en su actividad diferentes lenguajes de programación, entornos de desarrollo, herramientas para garantizar la seguridad, analistas y auditores de código, criptógrafos, o especialistas en ingeniería inversa y malware.

Dragonfly 2.0 mapping on MITRE ATT&CK ICS Matrix

Posted on 21/03/2024, by
INCIBE (INCIBE)
Decorative image
Currently, industrial infrastructures are suffering more attacks than ever before, and it is expected that attacks on these types of infrastructures will continue to grow exponentially in the coming years. This is why, throughout this article, an analysis will be made of a group of cybercriminals and their standard attack, showing how information can be obtained on the modus operandi, when and by what tactics and techniques they managed to attack an industrial infrastructure

ICS malware analysis study: BlackEnergy

Posted on 15/02/2024, by
INCIBE (INCIBE)
Threat analysis study decorative image
The industrial environment, especially the energy sector, is one of sectors that is suffering the most from cyber-attacks. This trend has been increasing in recent years, as this is one of the most information-sensitive sectors and can cause major problems, both economically and socially.One of the best examples of malware attacks is BlackEnergy. This malware became known for being able to compromise several electricity distributors on 23 December 2015, causing households in the Ivano-Frankvisk region of Ukraine (a population of around 1.5 million) to be without electricity.For this reason, due to seriousness of this type of cyberattacks, it is necessary to continue researching and investing in industrial cybersecurity, to reduce the damage caused by this type of cyber-attack in industrial environments.

NB-IoT the ideal and low-power conection for IIoT

Posted on 08/02/2024, by
INCIBE (INCIBE)
Decorative photo about Industrial Internet of Things
IoT networks are very useful for everyday life, but their use is not limited only to this type of environment; there are industrial environments where this type of networks can benefit connectivity between industrial devices and provide capabilities that other types of networks could not. The 3rd Generation Partnership Project or 3GPP developed the NB-IoT protocol, a protocol for when networks with higher performance, higher speed and high interconnectivity capacity between devices are required. This protocol can work both in IoT devices and in IoT devices in the industrial environment (IIoT).

Cibersecurity in the healthcare sector: features, threats and recommendations

Posted on 25/01/2024, by
Juan Díez González
Cibersecurity in the healthcare sector
After the pandemic, it has been observed that the healthcare sector has been one of the most attacked by cybercrimilas and organizations. This has generated a significant impact on the affected organitations, making it essencial to protect this sector due to its strategic nature and to achieve this, it is neccesary to understand its characteristics and the threats that affect it.

OPC UA, balancing cybersecurity and performance

Posted on 11/01/2024, by
INCIBE (INCIBE)
Industrial factory at night
The OPC UA (OPC unified architecture) communication protocol is the most modern standard presented by OPC Foundation. Currently, the OPC UA protocol is one of the most widely used in industrial environments, due to its ability to interconnect different devices, regardless of their base protocol and vendor.Throughout this article, a technical assessment of the protocol will be conducted, explaining in detail the technical capabilities that allow a high level of cybersecurity to be implemented without causing performance losses in the devices. 

Ransomware families: response and recovery actions

Posted on 04/01/2024, by
INCIBE (INCIBE)
Ransomware families: response and recovery actions
Ransomware, one of the top cybersecurity threats in today's landscape, allows criminals to hijack data and demand ransoms. Although there are various families and variants, some are especially destructive. These cybercriminals have refined their methods, using everything from complex extortion to bug bounty-type programs. In the face of these challenges, we will explore tools and strategies to recover from and defend against such attacks.

Top 20 ICS mitigations during 2023. Part 2

Posted on 28/12/2023, by
INCIBE (INCIBE)
Top 20 ICS mitigations during 2023. Part 2
Second part of the Top 20 mitigations for industrial environments. This part will focus on mitigations related to network architecture, industrial protocols, network configuration and vulnerability scanning.

Top 20 ICS mitigations during 2023. Part 1

Posted on 21/12/2023, by
INCIBE (INCIBE)
Top 20 ICS mitigations during 2023. Part 1
In the industrial world, there are a large number of systems, equipment, networks, areas, ducts, cloud environments, IT-OT environments, etc. In recent years, the number of attacks on industrial environments has been growing exponentially, and not only on purely industrial environments, but also on corporate environments that are connected to industrial environments. These IT environments being access points for attackers due to this IT/OT connectivity.

Attack trends in the industrial sector during 2023

Posted on 30/11/2023, by
INCIBE (INCIBE)
Attack trends in the industrial sector during 2023
The security gaps and issues that exist within industrial environments are sometimes unknown to many information consumers. This article aims to bring first hand some of the most interesting issues and attack trends in 2023 in the industrial sector. Different industrial cybersecurity incidents so far this year will be described at a high level and a comparison will be made with the trend presented at the beginning of the year.

Open Intelligence in Industry: An Analysis of OSINT

Posted on 16/11/2023, by
INCIBE (INCIBE)
Inteligencia abierta en la industria: un análisis sobre el OSINT
OSINT (Open-Source Intelligence) is a technique that focuses on the collection, evaluation and analysis of public information through different methods and techniques, with the objective of discovering vulnerabilities or collecting sensitive information that could become threats. It should be emphasized that the data collection is not called OSINT, it would be raw information. Once this information is evaluated and treated, it could be said that we are really talking about open-source intelligence (OSINT).Initially it has been used in the military and government sector. Its use in OT, with disciplines such as SIGINT (Signals Intelligence), IMINT (Imagery Intelligence) or even 'Sock Puppets' (fake profiles or intruders in technical forums) is making havoc due to the criticality of this equipment. Disinformation or the compilation of sensitive industrial technical information are some of the serious consequences that this sector is exposed to.

Avaddon: response and recovery actions

Posted on 09/11/2023, by
INCIBE (INCIBE)
Avaddon: response and recovery actions
The  Avaddon ransomware appears as a disturbing threat that has demonstrated its ability to exploit vulnerabilities in systems, compromising the security and integrity of critical data. This article dives into the details of how Avaddon works, while also providing a comprehensive analysis of strategies to detect and mitigate the threat. 

Hive: response and recovery actions

Posted on 04/11/2023, by
INCIBE (INCIBE)
Hive: response and recovery actions
The  Hive ransomware (especially in its v5 version) stands out for its sophistication, and for the impact caused to hundreds of companies and organizations worldwide, bypassing conventional defenses and challenging analysts with its advanced techniques.In this article, we unravel its features, from its encryption methods to its anti-analysis countermeasures, illustrating not only the threat it poses, but also how it can be combated. Through a technical analysis, it is intended to empower readers with the knowledge necessary to understand and ultimately defend against these types of threats.

Go top