Segmentados Investigación y Análisis

CAPEC (Common Attack Pattern Enumeration and Classification) is a project that focuses on enumerating and classifying common attack patterns on computer systems and providing a systematic approach to understanding and addressing the tactics used by attackers. Like CWE (Common Weakness Enumeration), CAPEC is an initiative of the computer security community and is maintained by the National Institute of Standards and Technology (NIST) in the United States. Recently in version 3.9, the project has incorporated a number of attack patterns related to the industrial world.This article aims to show the reader the use of these codes, such as those used at the identifier level in CVEs, CWEs, etc., and which are related to many of the jobs that are carried out on a daily basis in the industrial cybersecurity sector.

Since its appearance in 2022, Black Basta has established itself as one of the most dangerous ransomwares in the current landscape, standing out for its ability to carry out double extortion attacks, stealing and encrypting data from its victims. Although it focuses on Windows systems, versions for Linux systems that attack ESXi hypervisors have also been discovered. At the end of December 2023, a renowned ethical hacking lab in Berlin published a decryption tool on GitHub to combat it. Although the group has recently updated its software to fix this flaw, the release of the decryption tool represents a major blow against its operations. In this article, we take a closer look at how this ransomware works, exploring the methods it employs to compromise the integrity of data and systems and presenting the decryption method for its vulnerable version.

The automotive world has always been one of the most cutting-edge sectors in terms of the technology used, which is why today's cars are equipped with technologies such as Bluetooth, NFC, GPS, etc., which improve different aspects such as comfort, fuel efficiency and increased safety.But these implemented technologies can also bring with them serious problems, such as the risk of cyber-attacks that can affect passengers in the vehicle, both at the level of personal data and physical security.For this reason, this article aims to provide an insight into some of the cyber-attacks that smart cars have suffered and how cyber-security is evolving and adapting to make more and more vehicles cyber-safe.

Currently, industrial infrastructures are suffering more attacks than ever before, and it is expected that attacks on these types of infrastructures will continue to grow exponentially in the coming years. This is why, throughout this article, an analysis will be made of a group of cybercriminals and their standard attack, showing how information can be obtained on the modus operandi, when and by what tactics and techniques they managed to attack an industrial infrastructure

LockBit ransomware has rapidly evolved to become one of the most prolific threats of our time. Its technical sophistication, evidenced by the development of tools, such as StealBit, for automated data exfiltration and its adaptation to attack Linux servers, specifically ESXi, demonstrate the advanced adaptability and potential impact on affected organizations.In addition, the implementation of a ransomware-as-a-service (RaaS) model and double extortion tactics underscore the complexity and coercive nature of their campaigns. The response to this threat, however, has culminated in a collaborative law enforcement effort that has succeeded in dismantling LockBit's infrastructure, leading to the arrest and indictment of several of its operators. In this article we focus on the version of LockBit 3.0, presenting its main features and the current tools for recovering data in case it has been compromised.

Within the framework of RPKI security infrastructures, ROAs are crucial components in the defense of cyberspace, providing authentication and verification mechanisms for routes vital to the security of Internet routing. Despite its undeniable benefits, creating and maintaining ROA has its own set of challenges and considerations. This article explores the relevance of ROAs, examines their inherent challenges, and underscores the importance of secure implementation and management to strengthen Internet resilience.

The changing dynamics of the work environment and the increasing reliance on cloud-based solutions have catapulted Secure Access Service Edge (SASE) systems into the spotlight in the cybersecurity world, offering the possibility of integrating network security and access management into a cloud-based solution, offering flexibility and protection.This article delves into the architecture and philosophy behind SASE, explaining how it redefines security and access in cloud systems.

The industrial environment, especially the energy sector, is one of sectors that is suffering the most from cyber-attacks. This trend has been increasing in recent years, as this is one of the most information-sensitive sectors and can cause major problems, both economically and socially.One of the best examples of malware attacks is BlackEnergy. This malware became known for being able to compromise several electricity distributors on 23 December 2015, causing households in the Ivano-Frankvisk region of Ukraine (a population of around 1.5 million) to be without electricity.For this reason, due to seriousness of this type of cyberattacks, it is necessary to continue researching and investing in industrial cybersecurity, to reduce the damage caused by this type of cyber-attack in industrial environments.

The Resource Public Key Infrastructure (RPKI) is essential for Internet routing security, as it provides a method to securely connect IP addresses to autonomous systems (AS) by validating route information. RPKI effectively prevents BGP Hijacking-type attacks, where potential attackers maliciously redirect Internet traffic. This article aims to explore the design, implementation, and benefits of using RPKI to ensure security and authenticity in Internet routing.

After the pandemic, it has been observed that the healthcare sector has been one of the most attacked by cybercrimilas and organizations. This has generated a significant impact on the affected organitations, making it essencial to protect this sector due to its strategic nature and to achieve this, it is neccesary to understand its characteristics and the threats that affect it.

Article summarizing the Industrial Control Systems (ICS) alerts published during the year 2023 on the INCIBE-CERT website, with emphasis on different indicators, such as criticality, type of attack, etc.The motivation is to give the published notices an added value, in order to compile the information of the whole year as a logbook. In addition, this type of article was well received in previous years, showing in several talks the graphs of the article to argue the exponential growth of vulnerabilities in ICS. 

Ransomware, one of the top cybersecurity threats in today's landscape, allows criminals to hijack data and demand ransoms. Although there are various families and variants, some are especially destructive. These cybercriminals have refined their methods, using everything from complex extortion to bug bounty-type programs. In the face of these challenges, we will explore tools and strategies to recover from and defend against such attacks.