Imagen decorativa Avisos
Blog updated on 11/07/2024

UMAS (Unified Messaging Application Services) is a Schneider Electric (SE) proprietary protocol used to configure and monitor Schneider Electric programmable logic controllers (PLCs). While it is true that the protocol is related to this manufacturer, the use of the protocol is quite widespread in different sectors, especially the energy sector, as is obvious.

The article will focus on the technical breakdown of the protocol and the use of the protocol. The article will also show weaknesses, strengths and some technical vulnerabilities detected in this protocol.

Imagen decorativa Avisos
Blog posted on 04/07/2024

In the complex web of network infrastructure, the Internet Routing Registry (IRR) stands out as an essential component, playing an important role in the coordination and security of routing policies. Its benefits are significant in building a cyberspace free of spoofing-type attacks. Knowing how to create and maintain objects in the IRR is essential for operators of Internet infrastructures. This article presents its fundamental elements and the tools that help in its life cycle

Imagen decorativa Avisos
Blog posted on 13/06/2024

The UN R155 and UN R156 regulations are of vital importance for vehicle cybersecurity. From July 2022, all car manufacturers that want to be type-approved must comply with both regulations, but from July 2024 this requirement will be extended to all new vehicles sold in the European Union, regardless of when the manufacturer obtained type-approval. One of the most important aspects of compliance with both regulations is the completion of a cybersecurity risk assessment of the vehicle, including all integrated components of the vehicle's supply chain. On the other hand, it also specifies how to incorporate cybersecurity from design, how to detect and respond to incidents, how to securely update vehicle software, etc. 

Imagen decorativa Avisos
Blog posted on 23/05/2024

Babuk Tortilla is a version of the original Babuk ransomware, which emerged after the leak of its source code, and which attracted attention in the cybersecurity landscape due to the intention of being deployed on vulnerable servers.

This article reviews its origin and operation, focusing on its modus operandi and the techniques used to breach the security of data and systems. It also provides key tools and recommendations to identify and neutralize its effect on technological infrastructures, providing users with the necessary knowledge to defend against this significant risk. Understanding how Babuk Tortilla works and its recovery mechanisms is vital.

Imagen decorativa Avisos
Blog posted on 02/05/2024

In the electricity sector, it has always been necessary to use robust communications that allow proper communication, since a failure in this sector would cause a large number of losses, both economic and social.

In addition, with the technological advances, it is important also to have secure communications since the electricity sector is one of the sectors that currently suffers the most cyber-attacks. For this reason, in recent years different robust and secure protocols have been created.

One of these protocols is DNP3, created mainly for the use of substation automation and control systems, for the electric utility industry, although it has now also been used for other sectors.

Finally, in this article we want to explain in more depth the operation of this protocol and the benefits or disadvantages of using this protocol.

Imagen decorativa Avisos
Blog posted on 18/04/2024

CAPEC (Common Attack Pattern Enumeration and Classification) is a project that focuses on enumerating and classifying common attack patterns on computer systems and providing a systematic approach to understanding and addressing the tactics used by attackers. Like CWE (Common Weakness Enumeration), CAPEC is an initiative of the computer security community and is maintained by the National Institute of Standards and Technology (NIST) in the United States. Recently in version 3.9, the project has incorporated a number of attack patterns related to the industrial world.

This article aims to show the reader the use of these codes, such as those used at the identifier level in CVEs, CWEs, etc., and which are related to many of the jobs that are carried out on a daily basis in the industrial cybersecurity sector.

Imagen decorativa Avisos
Blog posted on 11/04/2024

Since its appearance in 2022, Black Basta has established itself as one of the most dangerous ransomwares in the current landscape, standing out for its ability to carry out double extortion attacks, stealing and encrypting data from its victims. Although it focuses on Windows systems, versions for Linux systems that attack ESXi hypervisors have also been discovered. At the end of December 2023, a renowned ethical hacking lab in Berlin published a decryption tool on GitHub to combat it. Although the group has recently updated its software to fix this flaw, the release of the decryption tool represents a major blow against its operations. In this article, we take a closer look at how this ransomware works, exploring the methods it employs to compromise the integrity of data and systems and presenting the decryption method for its vulnerable version.

Imagen decorativa Avisos
Blog posted on 21/03/2024

Currently, industrial infrastructures are suffering more attacks than ever before, and it is expected that attacks on these types of infrastructures will continue to grow exponentially in the coming years. This is why, throughout this article, an analysis will be made of a group of cybercriminals and their standard attack, showing how information can be obtained on the modus operandi, when and by what tactics and techniques they managed to attack an industrial infrastructure

Imagen decorativa Avisos
Blog posted on 14/03/2024

LockBit ransomware has rapidly evolved to become one of the most prolific threats of our time. Its technical sophistication, evidenced by the development of tools, such as StealBit, for automated data exfiltration and its adaptation to attack Linux servers, specifically ESXi, demonstrate the advanced adaptability and potential impact on affected organizations.

In addition, the implementation of a ransomware-as-a-service (RaaS) model and double extortion tactics underscore the complexity and coercive nature of their campaigns. The response to this threat, however, has culminated in a collaborative law enforcement effort that has succeeded in dismantling LockBit's infrastructure, leading to the arrest and indictment of several of its operators. In this article we focus on the version of LockBit 3.0, presenting its main features and the current tools for recovering data in case it has been compromised.

Imagen decorativa Avisos
Blog posted on 07/03/2024

Within the framework of RPKI security infrastructures, ROAs are crucial components in the defense of cyberspace, providing authentication and verification mechanisms for routes vital to the security of Internet routing. Despite its undeniable benefits, creating and maintaining ROA has its own set of challenges and considerations. This article explores the relevance of ROAs, examines their inherent challenges, and underscores the importance of secure implementation and management to strengthen Internet resilience.