Segmentados Investigación y Análisis

The Resource Public Key Infrastructure (RPKI) is essential for Internet routing security, as it provides a method to securely connect IP addresses to autonomous systems (AS) by validating route information. RPKI effectively prevents BGP Hijacking-type attacks, where potential attackers maliciously redirect Internet traffic. This article aims to explore the design, implementation, and benefits of using RPKI to ensure security and authenticity in Internet routing.

After the pandemic, it has been observed that the healthcare sector has been one of the most attacked by cybercrimilas and organizations. This has generated a significant impact on the affected organitations, making it essencial to protect this sector due to its strategic nature and to achieve this, it is neccesary to understand its characteristics and the threats that affect it.

Article summarizing the Industrial Control Systems (ICS) alerts published during the year 2023 on the INCIBE-CERT website, with emphasis on different indicators, such as criticality, type of attack, etc.The motivation is to give the published notices an added value, in order to compile the information of the whole year as a logbook. In addition, this type of article was well received in previous years, showing in several talks the graphs of the article to argue the exponential growth of vulnerabilities in ICS. 

Ransomware, one of the top cybersecurity threats in today's landscape, allows criminals to hijack data and demand ransoms. Although there are various families and variants, some are especially destructive. These cybercriminals have refined their methods, using everything from complex extortion to bug bounty-type programs. In the face of these challenges, we will explore tools and strategies to recover from and defend against such attacks.

Second part of the Top 20 mitigations for industrial environments. This part will focus on mitigations related to network architecture, industrial protocols, network configuration and vulnerability scanning.

In the industrial world, there are a large number of systems, equipment, networks, areas, ducts, cloud environments, IT-OT environments, etc. In recent years, the number of attacks on industrial environments has been growing exponentially, and not only on purely industrial environments, but also on corporate environments that are connected to industrial environments. These IT environments being access points for attackers due to this IT/OT connectivity.

Managing and predicting vulnerabilities has become an essential task for cybersecurity. The Exploit Prediction Scoring System  (EPSS) is a methodology launched in 2019, which uses algorithms and threat intelligence data to predict the likelihood of a specific vulnerability being exploited by threat actors in a short space of time.In an environment where organizations are faced with an increasing number of vulnerabilities, EPSS effectively prioritizes responses to vulnerabilities based on their risk of exploitation. Through meticulous information collection and analysis, this system offers an efficient view of the threats affecting the business, allowing organizations to act proactively. This article focuses on understanding EPSS, how it improves security posture, and best practices for its implementation. 

The security gaps and issues that exist within industrial environments are sometimes unknown to many information consumers. This article aims to bring first hand some of the most interesting issues and attack trends in 2023 in the industrial sector. Different industrial cybersecurity incidents so far this year will be described at a high level and a comparison will be made with the trend presented at the beginning of the year.

The Border Gateway Protocol (BGP) is fundamental to the functioning of the Internet as we know it, as it serves to route data flows along the optimal routes, through several different hops (or IPs). However, it was not designed with security by design, which opens the door to hijacking BGP-type  threats. Through these types of attacks, malicious actors can redirect traffic, causing data loss, such as  in Man-in-the-Middle, among others. This article explores in depth these types of attacks, their impact, and the countermeasures available through mechanisms such as RPKI, IRR, and ROA. 

OSINT (Open-Source Intelligence) is a technique that focuses on the collection, evaluation and analysis of public information through different methods and techniques, with the objective of discovering vulnerabilities or collecting sensitive information that could become threats. It should be emphasized that the data collection is not called OSINT, it would be raw information. Once this information is evaluated and treated, it could be said that we are really talking about open-source intelligence (OSINT).Initially it has been used in the military and government sector. Its use in OT, with disciplines such as SIGINT (Signals Intelligence), IMINT (Imagery Intelligence) or even 'Sock Puppets' (fake profiles or intruders in technical forums) is making havoc due to the criticality of this equipment. Disinformation or the compilation of sensitive industrial technical information are some of the serious consequences that this sector is exposed to.

The  Avaddon ransomware appears as a disturbing threat that has demonstrated its ability to exploit vulnerabilities in systems, compromising the security and integrity of critical data. This article dives into the details of how Avaddon works, while also providing a comprehensive analysis of strategies to detect and mitigate the threat. 

The  Hive ransomware (especially in its v5 version) stands out for its sophistication, and for the impact caused to hundreds of companies and organizations worldwide, bypassing conventional defenses and challenging analysts with its advanced techniques.In this article, we unravel its features, from its encryption methods to its anti-analysis countermeasures, illustrating not only the threat it poses, but also how it can be combated. Through a technical analysis, it is intended to empower readers with the knowledge necessary to understand and ultimately defend against these types of threats.