Segmentados Investigación y Análisis

Contenido Segmentados Investigación y Análisis

En esta sección se ofrecen contenidos de interés para los profesionales que participan en la investigación de vulnerabilidades, análisis de amenazas y eventos de ciberseguridad, forense digital, hacking ético o pentesting, investigador del fraude o analista de ciberinteligencia.

ASLR: the essential protection against memory exploitation

Updated on 16/01/2025, by
INCIBE (INCIBE)
ASLR blog decorative image
Memory corruption vulnerabilities are critical flaws in programs that occur when software improperly manipulates memory. These failures can allow a program to write data to unintended memory locations or access areas of memory that are out of range. An attacker controlling this data could trigger unexpected behavior on the system, such as causing the program to crash or, in the worst case, gaining full control over the affected system. In part, this is because initially computer systems were not designed with security in mind, so the memory addresses used by programs and operating systems were static and predictable. This meant that every time a program was run, memory locations, such as the stack, heap,  and shared libraries, were always in the same direction. This predictability made it easier for attackers to exploit memory vulnerabilities, such as buffer overflows and libc return-back attacks, as they could anticipate exactly where the data or code they wanted to manipulate to execute malicious code would be located. In this article, we will look at how the ASLR technique helps combat these vulnerabilities.

Good practices of safe development in industrial control

Posted on 26/12/2024, by
INCIBE (INCIBE)
Good practices of safe development in industrial control blog cover
Today, one of the most critical, but least known, procedures in industrial security is the secure development. This article gathers all the best practices for the creation of specific applications and equipment for industrial environments in a secure manner. Security aspects that must take into account both the work done during the design (confidentiality of the company and customers, workers' security...), and the security that the designed product itself must present throughout its life cycle (vulnerability management, access control, input/output management...).The aim of this article is to address the good practices of secure development, from the perspective of industrial cybersecurity. Although traditional best practices can be applicable to these environments, the fundamental aspects of safety and availability generate different approaches, mainly in aspects related to memory and resource management, update and patch management cycles, etc.

Keys to implementing the new vehicle cybersecurity regulations R155 and R156

Posted on 28/11/2024, by
INCIBE (INCIBE)
Claves para aplicar las nuevas normativas de ciberseguridad para vehículos
This article aims to present a brief example guide for an implementation of the new standard in a supplier's facilities.Going through the critical points of the standard, a generic use case will be followed to exemplify how a vehicle manufacturer can adapt its processes to comply with the new standard in an efficient and effective way.By presenting an overview of the standard and production processes, the aim is to provide a brief guide to serve as a starting point and help avoid common failures in industrial environments when faced with new regulations, such as redundancy of effort, inefficiency in resource management and deficiencies in the application of safety measures.

Pipeline CI/CD security

Posted on 14/11/2024, by
INCIBE (INCIBE)
Pipeline CI/CD security blog cover
A  CI/CD (Continuous Integration/Continuous Deployment) pipeline is an essential tool in modern software development, which allows you to automate and optimize the entire development lifecycle, from code integration to its deployment in production. The article aims to explain security in  CI/CD pipelines, motivating readers to adopt automated practices that not only optimize software development, but also minimize the associated risks. Keep in mind that automation carries certain risks if not handled safely, as it can increase the attack surface for cybercriminals. It underscores the importance of implementing security controls at every stage of the pipeline, urging developers to take initiative-taking steps to protect their code, their environments, and ultimately, their final products.

Microsegmentation of industrial networks

Updated on 31/10/2024, by
INCIBE (INCIBE)
microsegmentation of industrial networks decorative image
Larger scale and complexity industrial control networks present risks, and cybersecurity needs that usually cannot be met by applying a traditional segmentation model. Factors such as the presence of critical obsolete equipment, equipment managed by third parties or the increased presence of IoT technologies that require external connections, are motivating the adoption of more advanced architectures when applying the principle of defense in depth.Proper segmentation can be a fundamental aspect in preventing attacks, especially in their propagation to essential and critical production assets. It is also important to adapt to the environment to be segmented. It is a common mistake to try to segment networks based on concepts and schemes like the IT environment.This article will present some new network models and tips to work on a correct segmentation in an environment where different components are involved (OT, IIoT, IT, IoT).

Using the Calera OT tool

Posted on 19/09/2024, by
INCIBE (INCIBE)
Using the Calera OT tool cover
MITRE Caldera OT stands out mainly for being an open-source tool that allows the simulation of different cyber-attacks in industrial environments. This tool was created by MITRE and CISA (US Cybersecurity and Infrastructures Security Agency), as the experts saw the need to be able to improve and understand cybersecurity in industrial environments without using a high number of resources.In addition, this tool is designed to be used by both the Red Team and the Blue Team, allowing both teams to collaborate with each other to improve the level of cyber security in these environments.

Fuxnet: the malware that paralyzed ICS systems

Updated on 26/09/2024, by
INCIBE (INCIBE)
Portada de blog Fuxnet: El malware que paralizó sistemas SCI
The increasing development of malware targeting the industrial world has not halted its momentum in the slightest. Several research groups have detected a new malware called Fuxnet and are currently investigating its scope. This malware has the capability to send specific requests at the serial level, via RS485/MBus, executing floods to more than 87.000 assets, including control systems and integrated sensors deployed across different sectors. Among the infrastructures compromised by this malware, we find hospitals, airports and other critical infrastructures that provide essential services to the population.

ICS risk analysis

Updated on 12/09/2024, by
INCIBE (INCIBE)
Blog image Análisis de riesgos en SCI
In the era of interconnection and digitization, industrial control systems (ICS) are increasingly exposed to cyber threats. These systems are vital for energy production, manufacturing and critical infrastructure management, and their protection has become an essential priority.Risk analysis is fundamental in this context, as it allows identifying, assessing and prioritizing the risks that can affect ICS. This process, ranges from technical vulnerabilities to emerging threats, and is crucial for developing effective mitigation and protection strategies.In this article, the challenges and solutions related to risk analysis in ICS will be explored, as well as the importance of the IEC 62443-3-2 standard in this critical process.

Cybersecurity challenges of digital twins: threats and security measures

Posted on 05/09/2024, by
INCIBE (INCIBE)
Imagen de portada del blog gemelos digitales
The digital twins are virtual recreations of real-world objects or processes. This innovative idea, proposed by Dr. Michael Grieves, has become increasingly relevant in various industrial sectors thanks to the advancement of technologies such as 3D modelling, the Internet of Things (IoT), the IIoT (Industrial Internet of Things), machine learning and big data. Its application makes it possible to simulate and analyse physical processes efficiently, thus contributing to the digital transformation of industry, also known as Industry 4.0.The fundamental purpose of digital twins is to facilitate the understanding of how elements operate in the physical world. For example, in manufacturing, it is possible to create a digital twin of a factory and through simulations explore different scenarios: what would happen if a machine were modified, how would it impact production, and what would happen if a machine were changed? The digital twin provides answers before real changes are made to the physical environment, speeding up decision-making and optimising processes.

Behavior analysis as a cybersecurity tool

Posted on 29/08/2024, by
INCIBE (INCIBE)
Portada blog UEBA
The ability to monitor and analyze the behavior of users and entities becomes crucial for early detection and response to potential threats. UEBA solutions identify unusual or anomalous patterns in user behavior, enabling rapid identification of internal threats or external compromises. This post focuses on how UEBA analysis is becoming an essential tool for a cybersecurity strategy, from identifying suspicious behavior to preventing potential security breaches.

Cybersecurity in the agri-food industry

Updated on 22/08/2024, by
INCIBE (INCIBE)
Portada del blog La ciberseguridad en el sector agroalimentario
The agri-food sector is one of the most critical sectors today because it is one of the most important sectors for the country's economy, as it produces food.This sector, like many others, is in continuous evolution. An example of this is the automation and digitalization of the many processes that are carried out. These new technologies bring many advantages, such as more efficient processes, less water consumption, detection of possible risks, etc. These great advantages also bring with them some problems, such as increased exposure to cyber-attacks.Therefore, this article provides some basic knowledge to make the industry aware of the importance of implementing cybersecurity in their technologies. 

APT in ICS

Updated on 25/07/2024, by
INCIBE (INCIBE)
APT en SCI portada
In the industrial environment, the interconnection of industrial equipment for maintenance via the Internet is becoming increasingly common. However, this has also opened the door to a new and dangerous landscape of threats. This article reviews one of the most representative threats within this current new paradigm, APTs, how concern about this type of threat is increasing, and how they operate during an industrial attack.