Segmentados Investigación y Análisis

The ability to monitor and analyze the behavior of users and entities becomes crucial for early detection and response to potential threats. UEBA solutions identify unusual or anomalous patterns in user behavior, enabling rapid identification of internal threats or external compromises. This post focuses on how UEBA analysis is becoming an essential tool for a cybersecurity strategy, from identifying suspicious behavior to preventing potential security breaches.

The agri-food sector is one of the most critical sectors today because it is one of the most important sectors for the country's economy, as it produces food.This sector, like many others, is in continuous evolution. An example of this is the automation and digitalization of the many processes that are carried out. These new technologies bring many advantages, such as more efficient processes, less water consumption, detection of possible risks, etc. These great advantages also bring with them some problems, such as increased exposure to cyber-attacks.Therefore, this article provides some basic knowledge to make the industry aware of the importance of implementing cybersecurity in their technologies. 

In the industrial environment, the interconnection of industrial equipment for maintenance via the Internet is becoming increasingly common. However, this has also opened the door to a new and dangerous landscape of threats. This article reviews one of the most representative threats within this current new paradigm, APTs, how concern about this type of threat is increasing, and how they operate during an industrial attack.

In the complex web of network infrastructure, the Internet Routing Registry (IRR) stands out as an essential component, playing an important role in the coordination and security of routing policies. Its benefits are significant in building a cyberspace free of spoofing-type attacks. Knowing how to create and maintain objects in the IRR is essential for operators of Internet infrastructures. This article presents its fundamental elements and the tools that help in its life cycle

There are currently many standards and regulations in the industrial sector. A wide variety of them allow industrial organizations to check their level of maturity, such as IEC 62443, or to improve the security level of the organization through the application of a series of guidelines, good practices or guides, as in the case of the NIST Framework.Given the growth of the industrial sector, and the increase in capabilities, both in production and connectivity, thanks to the consolidation of Industry 4.0 and the emergence of Industry 5.0, industrial environments are in the focus, not only of technological improvements, but also of cyber-attacks.The application and implementation of the IEC 62443 family, in combination with the NIST Framework, will enable organizations to reduce, mitigate and control the possibility of suffering a cyber-attack by implementing the controls and best practices defined in both standards.

UMAS (Unified Messaging Application Services) is a Schneider Electric (SE) proprietary protocol used to configure and monitor Schneider Electric programmable logic controllers (PLCs). While it is true that the protocol is related to this manufacturer, the use of the protocol is quite widespread in different sectors, especially the energy sector, as is obvious.The article will focus on the technical breakdown of the protocol and the use of the protocol. The article will also show weaknesses, strengths and some technical vulnerabilities detected in this protocol.

The UN R155 and UN R156 regulations are of vital importance for vehicle cybersecurity. From July 2022, all car manufacturers that want to be type-approved must comply with both regulations, but from July 2024 this requirement will be extended to all new vehicles sold in the European Union, regardless of when the manufacturer obtained type-approval. One of the most important aspects of compliance with both regulations is the completion of a cybersecurity risk assessment of the vehicle, including all integrated components of the vehicle's supply chain. On the other hand, it also specifies how to incorporate cybersecurity from design, how to detect and respond to incidents, how to securely update vehicle software, etc. 

This post presents some lines of action that should be followed to deal with a DrDoS cyberattack based on the PortMapper protocol, describing in detail the prevention, identification and response phases to follow.

En este post se presentan algunas líneas de actuación que deben seguirse para hacer frente a un ciberataque DrDoS basado en el protocolo CharGEN, describiendo detalladamente las fases de prevención, identificación y respuesta a adoptar.

This post presents some lines of action that should be followed to deal with a DrDoS cyberattack based on the LDAP protocol, describing in detail the prevention, identification and response phases to follow.

This post presents some lines of action that should be followed to deal with a DrDoS cyberattack based on the QOTD protocol, describing in detail the prevention, identification and response phases to follow.

This post presents some lines of action that should be followed to deal with a DrDoS cyberattack based on the SSDP protocol, describing in detail the prevention, identification and response phases to follow.