Home / Blog
Subscribe to INCIBE-CERT - Blog RSS

Blog

Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
hand edge computing

Edge computing the future in computation

Posted on 01/11/2023, by INCIBE
After the establishment of the cloud technology in industrial environments to provide processes a greater intelligence, new technological challenges arise that give rise to technical implementation solutions such as edge computing. This strategy makes it possible to extend cloud environments to different locations for processing collected data from the environment locally and immediately. An example of this new technological paradigm can be seen in modern manufacturing plants where sensors (IIoT) generate a constant flow of data to prevent breakdowns, improve operations, etc. Given that amount of data that can be generated, it is faster and more profitable to process the data in a close position from the equipment rather than transmitting It to a remote data center.
Tags: 
Cloud computing
Critical infrastructures
IIoT
Industrial Control System
hand breaking stone shield

How to prevent an antivirus bypass

Posted on 12/29/2022, by INCIBE
Antivirus is one of the main lines of defence when a user downloads a malicious file or an attacker has gained access to the computer and attempts to execute malware. Cybercriminals use various means to avoid an antivirus, using different tools and techniques depending on their type and functionalities. This article details the techniques commonly used, as well as the protective measures we should take to prevent attackers from executing malware on our computers.
Tags: 
Antivirus
APT
Bastioning procedures
Best practices
Cybercrime
Firewall
Incident
Malware
Pentesting
Threats
Vulnerability
Windows
decorative image

Incontroller, the intelligent menace

Posted on 12/15/2022, by INCIBE
The increase in industrial control systems and the shortcomings of those systems in cybersecurity measures have made such systems a preferred target of attacks. The number of tools designed to pose a threat to the OT sector has increased, and the use of the Incontroller tool is especially concerning.
Tags: 
Critical infrastructures
Cybercrime
Embedded systems
Incident
Industrial Control System
Industrial protocol
Linux
Malware
PLC
Rootkit
SCADA
Threats
Vulnerability
Windows
decorative image

Web-based virtual radars

Posted on 11/11/2022, by Víctor Rivero Díez (INCIBE)
Es tanta la información que se encuentra actualmente accesible para los usuarios en Internet, que aquella ofrecida por ciertas páginas web o aplicaciones en tiempo real puede resultar de especial preocupación en cuanto a su confidencialidad para ciertos sectores, dado que podría ser utilizada con fines malintencionados.
Tags: 
Critical infrastructures
Data protection
IIoT
IoT
Networking
OSINT
Threats
Context in the measurement of cyberresilience at the national level

Context in the measurement of cyberresilience indicators at the national level

Posted on 10/27/2022, by INCIBE
Organisations are exposed to the consequences of cyber threats, and may be ill-prepared to face and manage cyber incidents, whether provoked or unprovoked. For this reason, in 2014 INCIBE launched its Indicators for the Improvement of Cyber Resilience (IMC) model, with the aim of improving and understanding the state of cyber resilience in organisations.
Tags: 
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Data protection
Policies
Safe development
Studies & stats
Threats
decorative image

Attacks on analog sensors in OT

Posted on 10/06/2022, by INCIBE
In order to increase security levels in OT networks, there are now solutions that monitor networks, devices and configurations, actively looking for anomalies and possible security flaws and intrusions that could take place. However, there are other types of attacks on ICS that are carried out on a completely different plane, where anomaly analysis systems can’t reach. These are attacks on analog sensors.
Tags: 
Critical infrastructures
HMI
IIoT
Industrial Control System
IoT
PLC
Services deployment
Threats
Threat analysis study

Threat analysis study: Nobelium

Posted on 09/08/2022, by INCIBE
Nobelium es la denominación de Microsoft para un grupo de atacantes que, según la atribución llevada a cabo por la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA) de Estados Unidos, pertenecen al Servicio de Inteligencia Exterior (SRV) de Rusia. Este grupo criminal es conocido por el ataque a la cadena de suministro de SolarWinds, y una campaña masiva de phishing haciéndose pasar por una empresa de desarrollo estadounidense.
Tags: 
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Reversing
Safe development
Social engineering
Studies & stats
Threat intelligence
Threats
Vulnerability
Windows
Command and control post

C&C: models, function and measures

Posted on 08/18/2022, by Ricardo del Rio García (INCIBE)
This post explains the infrastructure of command and control (C&C), describing what an attack consists of, related terminology, actions undertaken by attackers, models, general function and preventative measures, detection and response to this threat.
Tags: 
APT
Bastioning procedures
Botnet
Continuity
Critical infrastructures
Cybercrime
Data protection
DrDoS
Firewall
IDS/IPS
Malware
Phishing
Safe development
Services deployment
Threats
Vulnerability
OT DMZ vs IT DMZ

Differences between OT DMZ and IT DMZ

Posted on 08/04/2022, by INCIBE
Demilitarized zones, also known as DMZs (demilitarized zones), are used for the secure exchange of information between computers on a network that we want to protect and an external network that needs to access those computers. DMZs are widely used in the IT sector and also in the OT sector, but the equipment and services they host are not exactly the same.
Tags: 
Bastioning procedures
Best practices
Critical infrastructures
Data protection
Firewall
Honeypot
Industrial Control System
Policies
Safe development
Services deployment

Pages