Segmentados Administración sistemas y redes TI

In the year 2022 and as is reflected in the article “Industrial Security 2022 in numbers”, cyberattacks in all industrial sectors have increased by around 30 % in the third quarter of 2022 and it is estimated that the number of organizations or industrial manufacturers victims of a cyberattack was around 40% in the last year. Especially in the industrial sector, the number of attacks has grown exponentially due to the massive introduction of IoT devices (it is expected to go from 13.5 to 21.5 million connected devices in three years) or more specifically about IIoT devices, which have been the main gateway for attacks as manufacturers have prioritized features and mass-production of devices over the security. In addition, this is compounded by planned obsolescence planned (increasingly present in this type of devices), increased interoperability and connectivity and the appearance of new types of malware and exploits which are much more effective.

After the establishment of the cloud technology in industrial environments to provide processes a greater intelligence, new technological challenges arise that give rise to technical implementation solutions such as edge computing. This strategy makes it possible to extend cloud environments to different locations for processing collected data from the environment locally and immediately. An example of this new technological paradigm can be seen in modern manufacturing plants where sensors (IIoT) generate a constant flow of data to prevent breakdowns, improve operations, etc. Given that amount of data that can be generated, it is faster and more profitable to process the data in a close position from the equipment rather than transmitting It to a remote data center.

The increase in industrial control systems and the shortcomings of those systems in cybersecurity measures have made such systems a preferred target of attacks. The number of tools designed to pose a threat to the OT sector has increased, and the use of the Incontroller tool is especially concerning.

PLCs, or Programmable Logic Controllers, have been part of industrial environments since the birth of automation. Given their evolution over time, thanks to greater intelligence, they have become a target of interest for potential attackers.

Es tanta la información que se encuentra actualmente accesible para los usuarios en Internet, que aquella ofrecida por ciertas páginas web o aplicaciones en tiempo real puede resultar de especial preocupación en cuanto a su confidencialidad para ciertos sectores, dado que podría ser utilizada con fines malintencionados.

In order to increase security levels in OT networks, there are now solutions that monitor networks, devices and configurations, actively looking for anomalies and possible security flaws and intrusions that could take place. However, there are other types of attacks on ICS that are carried out on a completely different plane, where anomaly analysis systems can’t reach. These are attacks on analog sensors.

Although the use of black channel is associated with physical safety, it is also part of logical safety. Here we can see how the black channel intervenes in communications, its contribution, advantages, use cases and the differences between it and the white channel.

In recent years, the concept of machine learning has gained more prominence, mainly driven by advances in parallel computing capacity. More and more developments, applications and programs are using these algorithms to provide systems with greater security, intelligence and independence. However, it’s rarely used in industrial environments, although some recent tests and developments prove its effectiveness, including in the scope of detection and prediction of cyber attacks.

Weaknesses in TCP protocol implementation in middleboxes could provide a means to carry out distributed reflection denial-of-service (DrDoS) attacks against any target.

The security of control systems can be threatened from different aspects, with the end device being the most important attack vector. With this in mind, the IEC, within the 62443 standard, wanted to emphasise devices by preparing a document exclusively concerning their security: IEC62443-4-2. This document contains different technical requirements to improve the security of the types of assets that can be found in a control system.

The continuity of the production process in businesses that require industrial automation depends more and more on the proper functioning, safety and reliability of the system of that composes it. Therefore, conducting tests of acceptance of its operation prior to its commissioning, is vital to ensure that the systems acquired meet the requirements set out in the contract between the company and the manufacturer.

This post will analyse the vulnerabilities associated with Log4Shell, detected in the library Log4j, which is found in infinite software products both in technical and industrial fields. Although there have been other instances of more sophisticated vulnerabilities, the problem with this one is area of exposure.