MITRE Caldera OT stands out mainly for being an open-source tool that allows the simulation of different cyber-attacks in industrial environments. This tool was created by MITRE and CISA (US Cybersecurity and Infrastructures Security Agency), as the experts saw the need to be able to improve and understand cybersecurity in industrial environments without using a high number of resources.
In addition, this tool is designed to be used by both the Red Team and the Blue Team, allowing both teams to collaborate with each other to improve the level of cyber security in these environments.
The increasing development of malware targeting the industrial world has not halted its momentum in the slightest. Several research groups have detected a new malware called Fuxnet and are currently investigating its scope. This malware has the capability to send specific requests at the serial level, via RS485/MBus, executing floods to more than 87.000 assets, including control systems and integrated sensors deployed across different sectors. Among the infrastructures compromised by this malware, we find hospitals, airports and other critical infrastructures that provide essential services to the population.
In the field of cybersecurity, CASB systems play a crucial role in providing an additional layer of protection for cloud applications. This approach prevents threats, detects malware, and ensures privacy in a digital environment, thereby addressing the growing need for data protection.
This article explores how CASB systems work, their key applications, and their benefits in terms of security and privacy, ensuring that applications operate by protecting data in cloud environments and maintaining fine-grained control over cloud operations. From vendor assessment to malicious behavior detection, its versatility extends, offering benefits such as risk mitigation and improved cloud security.
UMAS (Unified Messaging Application Services) is a Schneider Electric (SE) proprietary protocol used to configure and monitor Schneider Electric programmable logic controllers (PLCs). While it is true that the protocol is related to this manufacturer, the use of the protocol is quite widespread in different sectors, especially the energy sector, as is obvious.
The article will focus on the technical breakdown of the protocol and the use of the protocol. The article will also show weaknesses, strengths and some technical vulnerabilities detected in this protocol.
The UN R155 and UN R156 regulations are of vital importance for vehicle cybersecurity. From July 2022, all car manufacturers that want to be type-approved must comply with both regulations, but from July 2024 this requirement will be extended to all new vehicles sold in the European Union, regardless of when the manufacturer obtained type-approval. One of the most important aspects of compliance with both regulations is the completion of a cybersecurity risk assessment of the vehicle, including all integrated components of the vehicle's supply chain. On the other hand, it also specifies how to incorporate cybersecurity from design, how to detect and respond to incidents, how to securely update vehicle software, etc.
In the electricity sector, it has always been necessary to use robust communications that allow proper communication, since a failure in this sector would cause a large number of losses, both economic and social.
In addition, with the technological advances, it is important also to have secure communications since the electricity sector is one of the sectors that currently suffers the most cyber-attacks. For this reason, in recent years different robust and secure protocols have been created.
One of these protocols is DNP3, created mainly for the use of substation automation and control systems, for the electric utility industry, although it has now also been used for other sectors.
Finally, in this article we want to explain in more depth the operation of this protocol and the benefits or disadvantages of using this protocol.
CAPEC (Common Attack Pattern Enumeration and Classification) is a project that focuses on enumerating and classifying common attack patterns on computer systems and providing a systematic approach to understanding and addressing the tactics used by attackers. Like CWE (Common Weakness Enumeration), CAPEC is an initiative of the computer security community and is maintained by the National Institute of Standards and Technology (NIST) in the United States. Recently in version 3.9, the project has incorporated a number of attack patterns related to the industrial world.
This article aims to show the reader the use of these codes, such as those used at the identifier level in CVEs, CWEs, etc., and which are related to many of the jobs that are carried out on a daily basis in the industrial cybersecurity sector.
In the industrial world, there are a large number of systems, equipment, networks, areas, ducts, cloud environments, IT-OT environments, etc. In recent years, the number of attacks on industrial environments has been growing exponentially, and not only on purely industrial environments, but also on corporate environments that are connected to industrial environments. These IT environments being access points for attackers due to this IT/OT connectivity.
IDSs are passive elements that are in our network to ensure its security, but what would happen if all our communications were encrypted, or would this protection measure be enough to ensure that my network is protected? These questions and more will be discussed in the following article to provide solutions and advice focused on industrial environments.
The programming of PLCs is a fundamental part of the initial phases when building and designing industrial plants. About that environment, the company will base all its operations in that environment making the configuration of these controllers a critical element. When it comes to programming these devices there are a series of steps and best practices that take advantage of the native functionalities available and that involve little or no need to resort to a PLC programmer, protecting the device in a simple way with minimum spend on resource.