Posts related to: Incident
Given that availability is always a critical consideration in industrial environments, it is necessary to prevent the denial-of-service attacks that affect them. The means of causing a denial of service can be diverse, much like the means of mitigating these problems. This article will review all of these points, as well as the way in which the risks derived from these attacks can be reduced.
Advances in security within control systems have brought many of the security tools and services offered in IT to this environment. Until now, protection was based on reactive measures, acting only where there was evidence of an attack, but this trend has changed with the deployment of monitoring and the proactive defensive actions that it can provide.
In recent years, indicators of compromise have become the best way of exchanging information when it comes to managing an incident. But do we really know how to manage an indicator of compromise? The aim of an indicator of compromise is to map the information that is received or extracted during the analysis of an incident. This is done in such a way that it can be reused by other investigators or affected people to discover the same evidence in their systems and determine whether they have been compromised.
Last year ransomware became the threat most widely used by attackers to monetise their actions. This has also affected industrial sectors which, to a greater or lesser extent, have suffered from this type of malware.
The year 2016 has come to an end and once again we have witnessed an increase in the number of vulnerabilities published affecting control systems. Fortunately, companies are making greater efforts to prevent attacks and mitigate risks. The scenario for 2017 is similar to that of the past year.