CAPEC (Common Attack Pattern Enumeration and Classification) is a project that focuses on enumerating and classifying common attack patterns on computer systems and providing a systematic approach to understanding and addressing the tactics used by attackers. Like CWE (Common Weakness Enumeration), CAPEC is an initiative of the computer security community and is maintained by the National Institute of Standards and Technology (NIST) in the United States. Recently in version 3.9, the project has incorporated a number of attack patterns related to the industrial world.
This article aims to show the reader the use of these codes, such as those used at the identifier level in CVEs, CWEs, etc., and which are related to many of the jobs that are carried out on a daily basis in the industrial cybersecurity sector.
The automotive world has always been one of the most cutting-edge sectors in terms of the technology used, which is why today's cars are equipped with technologies such as Bluetooth, NFC, GPS, etc., which improve different aspects such as comfort, fuel efficiency and increased safety.
But these implemented technologies can also bring with them serious problems, such as the risk of cyber-attacks that can affect passengers in the vehicle, both at the level of personal data and physical security.
For this reason, this article aims to provide an insight into some of the cyber-attacks that smart cars have suffered and how cyber-security is evolving and adapting to make more and more vehicles cyber-safe.
Currently, industrial infrastructures are suffering more attacks than ever before, and it is expected that attacks on these types of infrastructures will continue to grow exponentially in the coming years. This is why, throughout this article, an analysis will be made of a group of cybercriminals and their standard attack, showing how information can be obtained on the modus operandi, when and by what tactics and techniques they managed to attack an industrial infrastructure
The industrial environment, especially the energy sector, is one of sectors that is suffering the most from cyber-attacks. This trend has been increasing in recent years, as this is one of the most information-sensitive sectors and can cause major problems, both economically and socially.
One of the best examples of malware attacks is BlackEnergy. This malware became known for being able to compromise several electricity distributors on 23 December 2015, causing households in the Ivano-Frankvisk region of Ukraine (a population of around 1.5 million) to be without electricity.
For this reason, due to seriousness of this type of cyberattacks, it is necessary to continue researching and investing in industrial cybersecurity, to reduce the damage caused by this type of cyber-attack in industrial environments.