Blog

With the aim of increasing cybersecurity knowledge, INCIBE-CERT has published a series of webinars in video format, so that, in a light and entertaining way, knowledge and technical aspects of cybersecurity can be expanded in various areas of interest, for both INCIBE-CERT's technical audience and anyone interested in cybersecurity.

In this post we will explain the ability to resist, one of the 4 goals of the IMC model, which allows us to determine if an organization is capable of continuing with the essential services it provides, in the event of a cyberattack.

In this new blog entry, we will analyze the features and describe the operation of a new ransomware called Ekans, initially known as Snake, which has a very specific design, aimed at infecting and blocking Industrial Control Systems (ICS).

After the articles “IEC 61850 Standard, all for one and one for all” and “Multicast security in IEC 61850”, it is useful to add more information about the cybersecurity guidelines set out in the IEC 62351 standard with respect to the GOOSE protocol. An explanation will be made of the operation of the protocol, the weaknesses it presents and the appropriate security measures to protect it against possible attackers.

GNSS (Global Navigation Satellite System) technology is deeply integrated into society to meet geolocation and time measurement needs; it is considered one of the most reliable and it is a critical element for certain industrial sectors. However, due to the advancement of the technology and its widespread use, GNSS are being compromised by cybercriminals.

In this post we explain the update made in the IMC model to continue improving its approach and applicability to companies.

In this blog post we detail the new PGP keys generated by INCIBE-CERT to establish secure communication channels with different audiences.

Anticipating is one of the four aims of cyberresilience. It consists of maintaining a state of informed readiness, in order to prevent essential services from being compromised in the event of a cyberattack. To measure the objectives of this aim, its three functional domains are analysed: cybersecurity policies, risk management and cybersecurity training.

Exfiltration of data, or information leakage, poses a threat to all companies throughout the world. It is important to know the possible ways information can get out to control them and avoid a loss of information in our organisation. Since in industry the most important factor is availability, this threat has to be put into perspective.