Home / Blog / Filter / Blog
Subscribe to INCIBE-CERT - Blog RSS

Blog

Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: SCADA
Factory drawing

Industroyer2, the ampere strikes back

Posted on 02/09/2023, by INCIBE
Confrontations between countries no longer only take place in the physical world, in this new decade, these confrontations also move to the cyber world. The conflict between Russia and Ukraine is one of the clearest examples. Among the events that have taken place is the security incident known as Industroyer2, which affected an electrical supplier in Ukraine. The Industroyer2 is the evolution of its predecessor, the malware known as Industroyer, which was able to affect multiple protocols of industrial control systems during its execution. This new variant of the malware focuses on a particular communications protocol, IEC-104, which is widely used in Europe and the Middle East to monitor and control the power system via the TCP/IP communications protocol.
Tags: 
APT
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Cybercrime
Embedded systems
IIoT
Industrial protocol
SCADA
Smart Grid
Threats
Vulnerability
Windows
Image of a programmable logic controller

Secure programming techniques for PLC

Posted on 02/02/2023, by INCIBE
The programming of PLCs is a fundamental part of the initial phases when building and designing industrial plants. About that environment, the company will base all its operations in that environment making the configuration of these controllers a critical element. When it comes to programming these devices there are a series of steps and best practices that take advantage of the native functionalities available and that involve little or no need to resort to a PLC programmer, protecting the device in a simple way with minimum spend on resource.
Tags: 
Best practices
Firewall
HMI
IDS/IPS
IIoT
Industrial Control System
Industrial protocol
IoT
Policies
Safe development
SCADA
Services deployment
SIEM
Studies & stats
Threats
Virtualization
Vulnerability
Wireless
Crystal ball 2023

What to expect from the industrial cybersecurity in 2023?

Posted on 01/26/2023, by INCIBE
In the year 2022 and as is reflected in the article “Industrial Security 2022 in numbers”, cyberattacks in all industrial sectors have increased by around 30 % in the third quarter of 2022 and it is estimated that the number of organizations or industrial manufacturers victims of a cyberattack was around 40% in the last year. Especially in the industrial sector, the number of attacks has grown exponentially due to the massive introduction of IoT devices (it is expected to go from 13.5 to 21.5 million connected devices in three years) or more specifically about IIoT devices, which have been the main gateway for attacks as manufacturers have prioritized features and mass-production of devices over the security. In addition, this is compounded by planned obsolescence planned (increasingly present in this type of devices), increased interoperability and connectivity and the appearance of new types of malware and exploits which are much more effective.
Tags: 
APT
Critical infrastructures
IIoT
Industrial Control System
Phishing
SCADA
Smart Grid
Social engineering
Threats
decorative image

Incontroller, the intelligent menace

Posted on 12/15/2022, by INCIBE
The increase in industrial control systems and the shortcomings of those systems in cybersecurity measures have made such systems a preferred target of attacks. The number of tools designed to pose a threat to the OT sector has increased, and the use of the Incontroller tool is especially concerning.
Tags: 
Critical infrastructures
Cybercrime
Embedded systems
Incident
Industrial Control System
Industrial protocol
Linux
Malware
PLC
Rootkit
SCADA
Threats
Vulnerability
Windows
ML in ICS

Machine learning in ICS

Posted on 06/23/2022, by INCIBE
In recent years, the concept of machine learning has gained more prominence, mainly driven by advances in parallel computing capacity. More and more developments, applications and programs are using these algorithms to provide systems with greater security, intelligence and independence. However, it’s rarely used in industrial environments, although some recent tests and developments prove its effectiveness, including in the scope of detection and prediction of cyber attacks.
Tags: 
Best practices
Critical infrastructures
Data protection
IDS/IPS
Industrial Control System
Safe development
SCADA
Standard IEC 62443-4-2, the need to secure ISC components

IEC 62443-4-2, the need to secure components

Posted on 05/12/2022, by INCIBE
The security of control systems can be threatened from different aspects, with the end device being the most important attack vector. With this in mind, the IEC, within the 62443 standard, wanted to emphasise devices by preparing a document exclusively concerning their security: IEC62443-4-2. This document contains different technical requirements to improve the security of the types of assets that can be found in a control system.
Tags: 
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Data protection
Incident
Industrial Control System
Industrial protocol
Policies
Safe development
SCADA
FAT and SAT tests on ICS

FAT and SAT tests on industrial devices

Posted on 04/07/2022, by INCIBE
The continuity of the production process in businesses that require industrial automation depends more and more on the proper functioning, safety and reliability of the system of that composes it. Therefore, conducting tests of acceptance of its operation prior to its commissioning, is vital to ensure that the systems acquired meet the requirements set out in the contract between the company and the manufacturer.
Tags: 
Bastioning procedures
Best practices
Critical infrastructures
Data protection
Industrial Control System
Legal compliance
Pentesting
Policies
Safe development
SCADA
Security level according to IEC 62443-3-3 in control systems

Security level according to IEC 62443-3-3 in Industrial Control Systems

Posted on 03/10/2022, by INCIBE
Standard 62443 arose as a development the ISA 99 standard to fully cover security within control systems. Divided into several parts, each refers to different aspects related to security. The IEC 62443-3-3 standard refers to system security requirements and security levels.
Tags: 
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Data protection
Incident
Industrial Control System
Industrial protocol
Policies
Safe development
SCADA
Log4Shell: analysis of vulnerabilities in Log4j

Log4Shell: analysis of vulnerabilities in Log4j

Posted on 02/24/2022, by INCIBE
This post will analyse the vulnerabilities associated with Log4Shell, detected in the library Log4j, which is found in infinite software products both in technical and industrial fields. Although there have been other instances of more sophisticated vulnerabilities, the problem with this one is area of exposure.
Tags: 
Android
Continuity
Critical infrastructures
Cybercrime
Data protection
IIoT
Incident
Industrial Control System
Industrial protocol
iOS
IoT
Linux
Safe development
SCADA
Services deployment
Threats
Vulnerability
Windows
CORBAsec security in CORBA middleware

CORBAsec: security in CORBA middleware

Posted on 01/20/2022, by INCIBE
Not all industrial control systems operate with the same programming language given that, depending on the manufacturer, devices will work with a specific software and programming language. This may be a problem for plant managers in industrial systems, as the interconnectivity between devices becomes impossible, or at least, is further complicated. One solution that has emerged in order to connect systems from different operating systems is CORBA standard and CORBAsec, its development with added security.
Tags: 
Critical infrastructures
Industrial Control System
Industrial protocol
Policies
Safe development
SCADA
Services deployment

Pages