Home / Segmented / Development

Development

This section provides content of interest to professionals who handle different programming languages, development environments, tools to ensure security, code analysts and auditors, cryptographers, or specialists in reverse engineering and malware.

Threat analysis study

Threat analysis study: Nobelium

Posted on 09/08/2022, by INCIBE
Nobelium es la denominación de Microsoft para un grupo de atacantes que, según la atribución llevada a cabo por la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA) de Estados Unidos, pertenecen al Servicio de Inteligencia Exterior (SRV) de Rusia. Este grupo criminal es conocido por el ataque a la cadena de suministro de SolarWinds, y una campaña masiva de phishing haciéndose pasar por una empresa de desarrollo estadounidense.
Tags: 
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Reversing
Safe development
Social engineering
Studies & stats
Threat intelligence
Threats
Vulnerability
Windows
Command and control post

C&C: models, function and measures

Posted on 08/18/2022, by Ricardo del Rio García (INCIBE)
This post explains the infrastructure of command and control (C&C), describing what an attack consists of, related terminology, actions undertaken by attackers, models, general function and preventative measures, detection and response to this threat.
Tags: 
APT
Bastioning procedures
Botnet
Continuity
Critical infrastructures
Cybercrime
Data protection
DrDoS
Firewall
IDS/IPS
Malware
Phishing
Safe development
Services deployment
Threats
Vulnerability
OT DMZ vs IT DMZ

Differences between OT DMZ and IT DMZ

Posted on 08/04/2022, by INCIBE
Demilitarized zones, also known as DMZs (demilitarized zones), are used for the secure exchange of information between computers on a network that we want to protect and an external network that needs to access those computers. DMZs are widely used in the IT sector and also in the OT sector, but the equipment and services they host are not exactly the same.
Tags: 
Bastioning procedures
Best practices
Critical infrastructures
Data protection
Firewall
Honeypot
Industrial Control System
Policies
Safe development
Services deployment
ML in ICS

Machine learning in ICS

Posted on 06/23/2022, by INCIBE
In recent years, the concept of machine learning has gained more prominence, mainly driven by advances in parallel computing capacity. More and more developments, applications and programs are using these algorithms to provide systems with greater security, intelligence and independence. However, it’s rarely used in industrial environments, although some recent tests and developments prove its effectiveness, including in the scope of detection and prediction of cyber attacks.
Tags: 
Best practices
Critical infrastructures
Data protection
IDS/IPS
Industrial Control System
Safe development
SCADA
Threat analysis image

Threat analysis study: Grandoreiro

Posted on 06/02/2022, by INCIBE
Grandoreiro, also known as Delephant, is a banking trojan from South America, which has spread its operations to other regions, especially Europe, including Spain and Portugal. According to ESET researchers, it has been active since 2015, affecting countries in Latin America, mainly Brazil, where it was developed.
Tags: 
Antiforensic
Antivirus
Botnet
Cryptography
Cybercrime
DFIR
Forensics
Incident
Linux
Malware
Networking
Pentesting
Phishing
Reversing
Safe development
Social engineering
Studies & stats
Threat intelligence
Threats
Vulnerability
Windows
Standard IEC 62443-4-2, the need to secure ISC components

IEC 62443-4-2, the need to secure components

Posted on 05/12/2022, by INCIBE
The security of control systems can be threatened from different aspects, with the end device being the most important attack vector. With this in mind, the IEC, within the 62443 standard, wanted to emphasise devices by preparing a document exclusively concerning their security: IEC62443-4-2. This document contains different technical requirements to improve the security of the types of assets that can be found in a control system.
Tags: 
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Data protection
Incident
Industrial Control System
Industrial protocol
Policies
Safe development
SCADA
FAT and SAT tests on ICS

FAT and SAT tests on industrial devices

Posted on 04/07/2022, by INCIBE
The continuity of the production process in businesses that require industrial automation depends more and more on the proper functioning, safety and reliability of the system of that composes it. Therefore, conducting tests of acceptance of its operation prior to its commissioning, is vital to ensure that the systems acquired meet the requirements set out in the contract between the company and the manufacturer.
Tags: 
Bastioning procedures
Best practices
Critical infrastructures
Data protection
Industrial Control System
Legal compliance
Pentesting
Policies
Safe development
SCADA
Cybersecurity measures from a global perspective

Cybersecurity measures from a global perspective

Posted on 03/11/2022, by INCIBE
An adequate level of cybersecurity and cyberresilience is essential to keep assets safe from possible cyberattacks. This is why INCIBE-CERT has listed a set of measures and good practices that are valid for any need that affects cybersecurity.
Tags: 
Antivirus
Bastioning procedures
Best practices
Cloud computing
Continuity
Critical infrastructures
Cybercrime
Data protection
Firewall
Identity management
IDS/IPS
Incident
Industrial Control System
Malware
Phishing
Policies
Safe development
Services deployment
SIEM
Threats
Vulnerability
Security level according to IEC 62443-3-3 in control systems

Security level according to IEC 62443-3-3 in Industrial Control Systems

Posted on 03/10/2022, by INCIBE
Standard 62443 arose as a development the ISA 99 standard to fully cover security within control systems. Divided into several parts, each refers to different aspects related to security. The IEC 62443-3-3 standard refers to system security requirements and security levels.
Tags: 
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Data protection
Incident
Industrial Control System
Industrial protocol
Policies
Safe development
SCADA

Pages