Wireless communications encompass a set of protocols that are widely used in some industrial sectors. In particular, building automation is based on these protocols, mainly using the BACNET and Lontalks protocols, but also making use of new ZigBee and Bluetooth based devices for IIoT. This article will provide information on SweynTooth, a set of vulnerabilities that affect Bluetooth technology.
This section provides content of interest to professionals involved in vulnerability research, cybersecurity threat and event analysis, digital forensics, ethical hacking or pentesting, fraud investigation or cyberintelligence analysis.
In this post, an office document, a .doc file with macros, will be analyzed through the static and dynamic analysis of the sample in a controlled environment, in order to identify the actions carried out by the Emotet malware.
This post presents some lines of action to be followed in the case of having fallen victim to Ekans ransomware. It describes in detail the prevention, identification and response phases to be carried out.
With the aim of increasing cybersecurity knowledge, INCIBE-CERT has published a series of webinars in video format, so that, in a light and entertaining way, knowledge and technical aspects of cybersecurity can be expanded in various areas of interest, for both INCIBE-CERT's technical audience and anyone interested in cybersecurity.
In this new blog entry, we will analyze the features and describe the operation of a new ransomware called Ekans, initially known as Snake, which has a very specific design, aimed at infecting and blocking Industrial Control Systems (ICS).
GNSS (Global Navigation Satellite System) technology is deeply integrated into society to meet geolocation and time measurement needs; it is considered one of the most reliable and it is a critical element for certain industrial sectors. However, due to the advancement of the technology and its widespread use, GNSS are being compromised by cybercriminals.
Sodinokibi uses the RaaS (Ramsonware as a Service) model, which favours its rapid spread. In this article we present some lines of action that should be followed in the case of having been a victim of this sophisticated malware or if it is suspected that it could have infected our systems.
In the last few days there have been various reports, both nationally and internationally, of a ransomware campaign called NetWalker, also known as Mailto or Koko, which appears to target healthcare centers, taking advantage of the current state of alarm declared as a result of the COVID-19 pandemic.
The ransomware attacks have experienced a great evolution from its beginnings, being able to identify a great amount of different families at the present time, many of them are highly sophisticated, with high propagation and persistence. In this blog we explain what is Sodinokibi and how it works.
Throughout the year 2019, we have worked on the detection, treatment and preparation of notices related to cybersecurity in industrial environments, classifying them based on the sector, manufacturer, criticality, etc. This article summarises this work and makes a brief prediction of the events that will take place in 2020.