Blog

Threat analysis studies: Mekotio, FluBot, Cring and WannaMine

Various studies with threat analysis or malware distribution campaigns affecting Spain and identified through incident management undertaken by INCIBE-CERT. The aim is to increase knowledge of the more technical details and characteristics of the threats so that organisations can implement appropriate detection and protection measures.

Emotet: characteristics and operation

In this post, an office document, a .doc file with macros, will be analyzed through the static and dynamic analysis of the sample in a controlled environment, in order to identify the actions carried out by the Emotet malware.

Tags:

Ekans ransomware: prevention, detection and response

This post presents some lines of action to be followed in the case of having fallen victim to Ekans ransomware. It describes in detail the prevention, identification and response phases to be carried out.

Tags:

Continuity

Critical infrastructures

Cryptography

Cybercrime

Incident

Industrial Control System

INCIBE-CERT technical webinars

With the aim of increasing cybersecurity knowledge, INCIBE-CERT has published a series of webinars in video format, so that, in a light and entertaining way, knowledge and technical aspects of cybersecurity can be expanded in various areas of interest, for both INCIBE-CERT's technical audience and anyone interested in cybersecurity.

Tags:

Bastioning procedures

Ekans ransomware: features and operation

In this new blog entry, we will analyze the features and describe the operation of a new ransomware called Ekans, initially known as Snake, which has a very specific design, aimed at infecting and blocking Industrial Control Systems (ICS).

Tags:

Continuity

Critical infrastructures

Cryptography

Cybercrime

Incident

Industrial Control System

Sodinokibi: prevention, identification and response

Sodinokibi uses the RaaS (Ramsonware as a Service) model, which favours its rapid spread. In this article we present some lines of action that should be followed in the case of having been a victim of this sophisticated malware or if it is suspected that it could have infected our systems.

Tags:

NetWalker ransomware: analysis and preventative measures

In the last few days there have been various reports, both nationally and internationally, of a ransomware campaign called NetWalker, also known as Mailto or Koko, which appears to target healthcare centers, taking advantage of the current state of alarm declared as a result of the COVID-19 pandemic.

Tags:

Sodinokibi: features and operation

The ransomware attacks have experienced a great evolution from its beginnings, being able to identify a great amount of different families at the present time, many of them are highly sophisticated, with high propagation and persistence. In this blog we explain what is Sodinokibi and how it works.

Tags:

Smart cars: are they prepared for threats?

Over the years, the automotive sector has been growing and evolving technologically. During this time, different deficiencies or vulnerabilities in smart cars have been discovered. For this reason, one of the key issues for this new type of vehicle is protection against possible threats.

Tags:

Emerging Threats to Industrial Control Systems

Over recent years we have witnessed how industrial controls systems are not exempt from being targeted for cyberattacks. In this article we look back at threats detected in recent years to see how we can defend ourselves against them.

Tags:

Incident

Industrial Control System

Malware

Threats