Home / Segmented / Development


This section provides content of interest to professionals who handle different programming languages, development environments, tools to ensure security, code analysts and auditors, cryptographers, or specialists in reverse engineering and malware.

Crystal ball 2023

What to expect from the industrial cybersecurity in 2023?

Posted on 01/26/2023, by INCIBE
In the year 2022 and as is reflected in the article “Industrial Security 2022 in numbers”, cyberattacks in all industrial sectors have increased by around 30 % in the third quarter of 2022 and it is estimated that the number of organizations or industrial manufacturers victims of a cyberattack was around 40% in the last year. Especially in the industrial sector, the number of attacks has grown exponentially due to the massive introduction of IoT devices (it is expected to go from 13.5 to 21.5 million connected devices in three years) or more specifically about IIoT devices, which have been the main gateway for attacks as manufacturers have prioritized features and mass-production of devices over the security. In addition, this is compounded by planned obsolescence planned (increasingly present in this type of devices), increased interoperability and connectivity and the appearance of new types of malware and exploits which are much more effective.
hand breaking stone shield

How to prevent an antivirus bypass

Posted on 12/29/2022, by INCIBE
Antivirus is one of the main lines of defence when a user downloads a malicious file or an attacker has gained access to the computer and attempts to execute malware. Cybercriminals use various means to avoid an antivirus, using different tools and techniques depending on their type and functionalities. This article details the techniques commonly used, as well as the protective measures we should take to prevent attackers from executing malware on our computers.
decorative image

Incontroller, the intelligent menace

Posted on 12/15/2022, by INCIBE
The increase in industrial control systems and the shortcomings of those systems in cybersecurity measures have made such systems a preferred target of attacks. The number of tools designed to pose a threat to the OT sector has increased, and the use of the Incontroller tool is especially concerning.
Context in the measurement of cyberresilience at the national level

Context in the measurement of cyberresilience indicators at the national level

Posted on 10/27/2022, by INCIBE
Organisations are exposed to the consequences of cyber threats, and may be ill-prepared to face and manage cyber incidents, whether provoked or unprovoked. For this reason, in 2014 INCIBE launched its Indicators for the Improvement of Cyber Resilience (IMC) model, with the aim of improving and understanding the state of cyber resilience in organisations.
Threat analysis study

Threat analysis study: Nobelium

Posted on 09/08/2022, by INCIBE
Nobelium es la denominación de Microsoft para un grupo de atacantes que, según la atribución llevada a cabo por la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA) de Estados Unidos, pertenecen al Servicio de Inteligencia Exterior (SRV) de Rusia. Este grupo criminal es conocido por el ataque a la cadena de suministro de SolarWinds, y una campaña masiva de phishing haciéndose pasar por una empresa de desarrollo estadounidense.
Command and control post

C&C: models, function and measures

Posted on 08/18/2022, by Ricardo del Rio García (INCIBE)
This post explains the infrastructure of command and control (C&C), describing what an attack consists of, related terminology, actions undertaken by attackers, models, general function and preventative measures, detection and response to this threat.

Differences between OT DMZ and IT DMZ

Posted on 08/04/2022, by INCIBE
Demilitarized zones, also known as DMZs (demilitarized zones), are used for the secure exchange of information between computers on a network that we want to protect and an external network that needs to access those computers. DMZs are widely used in the IT sector and also in the OT sector, but the equipment and services they host are not exactly the same.

Machine learning in ICS

Posted on 06/23/2022, by INCIBE
In recent years, the concept of machine learning has gained more prominence, mainly driven by advances in parallel computing capacity. More and more developments, applications and programs are using these algorithms to provide systems with greater security, intelligence and independence. However, it’s rarely used in industrial environments, although some recent tests and developments prove its effectiveness, including in the scope of detection and prediction of cyber attacks.