Home / Blog / Filter / Blog
Subscribe to INCIBE-CERT - Blog RSS

Blog

Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Social engineering
Hacked screen detected

Tactics and techniques of the bad guys in SCI

Posted on 03/07/2023, by INCIBE
Industrial Control Systems (ICS) were initially designed to work in sealed environments and as stand-alone systems, interconnections between systems were scarce, as were safety protections. The constant evolutions in the field of ICS, including the inclusion of a large number of communication protocols, IIoT devices, the expansion of interconnections, an incessant search for interoperability between systems and the inclusion of these architectures in critical systems, has meant that the networks on which these industrial control systems, has meant that the networks on which these industrial control systems are built, also known as control networks, have increased their security exponentially.
Tags: 
Antiforensic
Best practices
Critical infrastructures
Cybercrime
DevOps
Incident
Industrial Control System
Malware
Phishing
Social engineering
Studies & stats
Threat intelligence
Threats
Virtualization
Windows
dos hombres con unidades de almacenamiento

System hardening: the case of Linux

Posted on 03/02/2023, by INCIBE
Knowing the resources available when performing tasks of hardening a system, will allow us to optimize the time necessary to obtain a safer system. In addition, we have the possibility of using tools capable of auditing the system that identifies those configurations that are considered safe and which ones we could implement.
Tags: 
Android
Antivirus
Bastioning procedures
Biometrics
Cloud computing
Firewall
Identity management
IDS/IPS
IIoT
Incident
iOS
Linux
Networking
OSINT
SIEM
Social engineering
Virtualization
Windows
Wireless
Crystal ball 2023

What to expect from the industrial cybersecurity in 2023?

Posted on 01/26/2023, by INCIBE
In the year 2022 and as is reflected in the article “Industrial Security 2022 in numbers”, cyberattacks in all industrial sectors have increased by around 30 % in the third quarter of 2022 and it is estimated that the number of organizations or industrial manufacturers victims of a cyberattack was around 40% in the last year. Especially in the industrial sector, the number of attacks has grown exponentially due to the massive introduction of IoT devices (it is expected to go from 13.5 to 21.5 million connected devices in three years) or more specifically about IIoT devices, which have been the main gateway for attacks as manufacturers have prioritized features and mass-production of devices over the security. In addition, this is compounded by planned obsolescence planned (increasingly present in this type of devices), increased interoperability and connectivity and the appearance of new types of malware and exploits which are much more effective.
Tags: 
APT
Critical infrastructures
IIoT
Industrial Control System
Phishing
SCADA
Smart Grid
Social engineering
Threats
Threat analysis study

Threat analysis study: Nobelium

Posted on 09/08/2022, by INCIBE
Nobelium es la denominación de Microsoft para un grupo de atacantes que, según la atribución llevada a cabo por la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA) de Estados Unidos, pertenecen al Servicio de Inteligencia Exterior (SRV) de Rusia. Este grupo criminal es conocido por el ataque a la cadena de suministro de SolarWinds, y una campaña masiva de phishing haciéndose pasar por una empresa de desarrollo estadounidense.
Tags: 
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Reversing
Safe development
Social engineering
Studies & stats
Threat intelligence
Threats
Vulnerability
Windows
Threat analysis image

Threat analysis study: Grandoreiro

Posted on 06/02/2022, by INCIBE
Grandoreiro, also known as Delephant, is a banking trojan from South America, which has spread its operations to other regions, especially Europe, including Spain and Portugal. According to ESET researchers, it has been active since 2015, affecting countries in Latin America, mainly Brazil, where it was developed.
Tags: 
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Reversing
Safe development
Social engineering
Studies & stats
Threat intelligence
Threats
Vulnerability
Windows
imagen de estudios de amenazas

Threat analysis study: Hive

Posted on 12/20/2021, by INCIBE
The malicious code of the ransomware known as ‘Hive’ represents a threat to all users, as it implements encryption functionalities on the information in an infected computer, making simple recovery of the data impossible. This threat attempts to use extortion to recover the information, demanding a payment and threatening publication of part of the stolen information on a blog through the network Tor if the payment is not forthcoming.
Tags: 
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Reversing
Safe development
Social engineering
Studies & stats
Threat intelligence
Threats
Vulnerability
Windows
Ransomware: preventative measures (II)

Ransomware: preventative measures (II)

Posted on 09/30/2021, by INCIBE
Cyberattacks using ransomware are one of the main threats for companies all over the world and Spain is the tenth most affected country. That is why, in this article, as a continuation of the previous one entitled: ‘Ransomware: preventative measures (I)’, will cover in detail new recommendations to prevent them.
Tags: 
Antivirus
Bastioning procedures
Best practices
Continuity
Cybercrime
Data protection
Firewall
Malware
Policies
Ransomware measures
Safe development
Social engineering
Threats
image of threat studies

Threat analysis study: Anatsa

Posted on 07/05/2021, by INCIBE
Anatsa is a banking Trojan designed for Android devices that has become particularly relevant since its discovery in January 2021. Throughout the study, a detailed technical analysis of the threat is carried out using a sample of the malicious code in question to show how this malware behaves and the possibilities it offers.
Tags: 
Android
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Safe development
Social engineering
Studies & stats
Threats
Threat analysis studies image

Threat analysis studies: Mekotio, FluBot, Cring and WannaMine

Posted on 04/15/2021, by INCIBE
Various studies with threat analysis or malware distribution campaigns affecting Spain and identified through incident management undertaken by INCIBE-CERT. The aim is to increase knowledge of the more technical details and characteristics of the threats so that organisations can implement appropriate detection and protection measures.
Tags: 
Android
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Reversing
Safe development
Social engineering
Studies & stats
Threat intelligence
Threats
Vulnerability
Windows

Pages