This post presents a set of actions to follow after falling victim to the Ekans ransomware. It describes in detail the prevention, identification and response phases to be carried out.
In this new blog entry, we analyze the features and describe the operation of a new ransomware called Ekans, initially known as Snake, which has a very specific design aimed at infecting and blocking Industrial Control Systems (ICS).
After the articles “IEC 61850 Standard, all for one and one for all” and “Multicast security in IEC 61850”, it is useful to add more information about the cybersecurity guidelines set out in the IEC 62351 standard with respect to the GOOSE protocol. This article explains how the protocol operates, the weaknesses it presents and the appropriate security measures to protect it against possible attackers.
Data exfiltration, or information leakage, poses a threat to all companies throughout the world. It is important to know the possible channels through which information can leave the organisation, so that they can be controlled and a loss of information avoided. Since availability is the most important factor in industry, this threat has to be put into perspective.
The goal of cyber-resilience for an organization, whether or not it belongs to a strategic sector and whether or not it provides one of these digital services, is to maintain its primary purpose and integrity at an acceptable level in the face of a cybersecurity threat or attack. Continuous detection processes must be established, given that total prevention can never be guaranteed.
The first step in securing industrial control systems is building an inventory of all the assets involved in the process. With this information, the inventory can be used to properly manage vulnerabilities, which makes it possible to take the necessary measures to solve and mitigate them.
Time synchronization in industrial devices is a critical factor. Industrial processes and the programming logic of industrial devices have specific timing needs. These may require a particular accuracy that determines which protocol must be used, and there are also dependencies on cost and on the network infrastructure itself. Explaining the main differences between the protocols is key when choosing one or another for industrial infrastructures. Just as each protocol has its own nuances, there are certain security differences to be taken into account.
The Modbus protocol, in its TCP version, was not developed with cybersecurity capabilities in its communications. For this reason, many researchers have studied the technical options for incorporating a security layer into it, giving rise to a new version of Modbus/TCP called Modbus/TCP Security, which will gradually begin to be implemented in industrial communications.
Throughout 2019, we have worked on the detection, handling and preparation of advisories related to cybersecurity in industrial environments, classifying them by sector, manufacturer, criticality, etc. This article summarises this work and makes a brief prediction of the events that will take place in 2020.