In recent years, indicators of compromise have become the best way of exchanging information when it comes to managing an incident. But, do we really know how to manage an indicator of compromise? The aim of an indicator of compromise is to map the information that is received or extracted during the analysis of an incident. This is done in such a way that it can be reused by other investigators or affected people, in order to discover the same evidence in their systems and to be able to determine if they have been compromised or not.
Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Incident
Last year ransomware became the threat most widely used by attackers to monetise their actions. This fact has also affected industrial sectors which, to a greater or lesser extent, have suffered this type of malware.
The year 2016 has come to an end and once again we have witnessed an increase in the number of vulnerabilities published affecting control systems. Fortunately, companies are making greater efforts to prevent attacks and mitigate risks. The scenario for 2017 is similar to that of the past year.
The process of fulfilling an attack implies many previous stages before arriving to the visible stage of the attack, that is, to the moment when the security of a system, company or industry is compromised. The cyber kill chain describes all those previous stages and establishes preventive actions for each of them.
The well known motto "there is strength in numbers" perfectly describes the beneficial situation that involves collaboration and knowledge sharing on cyber threats. The concept of Information Sharing bring to us the idea of establishing methods to share and take full benefit of the gathered knowledge among all actors. Among these partners, CERT and security companies play a key role in defining consensus documentation and the pathway for sharing knowledge effectively.