Segmentados Administración sistemas y redes TI

Contenido Segmentados Administración sistemas y redes TI

En esta sección se ofrecen contenidos de interés para los profesionales que conocen y auditan el cumplimiento legal y normativo en materia de ciberseguridad, la gestión de riesgos, la gestión y cumplimiento de políticas internas, o se encargan de la formación interna en ciberseguridad.

Threat analysis study: Grandoreiro

Posted on 02/06/2022, by
INCIBE (INCIBE)
Threat analysis image
Grandoreiro, also known as Delephant, is a banking trojan from South America, which has spread its operations to other regions, especially Europe, including Spain and Portugal. According to ESET researchers, it has been active since 2015, affecting countries in Latin America, mainly Brazil, where it was developed.

IEC 62443-4-2, the need to secure components

Posted on 12/05/2022, by
INCIBE (INCIBE)
Standard IEC 62443-4-2, the need to secure ISC components
The security of control systems can be threatened from different aspects, with the end device being the most important attack vector. With this in mind, the IEC, within the 62443 standard, wanted to emphasise devices by preparing a document exclusively concerning their security: IEC62443-4-2. This document contains different technical requirements to improve the security of the types of assets that can be found in a control system.

FAT and SAT tests on industrial devices

Posted on 07/04/2022, by
INCIBE (INCIBE)
FAT and SAT tests on ICS
The continuity of the production process in businesses that require industrial automation depends more and more on the proper functioning, safety and reliability of the system of that composes it. Therefore, conducting tests of acceptance of its operation prior to its commissioning, is vital to ensure that the systems acquired meet the requirements set out in the contract between the company and the manufacturer.

Log4Shell: analysis of vulnerabilities in Log4j

Posted on 24/02/2022, by
INCIBE (INCIBE)
Log4Shell: analysis of vulnerabilities in Log4j
This post will analyse the vulnerabilities associated with Log4Shell, detected in the library Log4j, which is found in infinite software products both in technical and industrial fields. Although there have been other instances of more sophisticated vulnerabilities, the problem with this one is area of exposure.

The MITRE matrix: tactics and techniques in industrial settings

Posted on 03/02/2022, by
INCIBE (INCIBE)
MITRE matrix: TTP in ICS
Monitoring and analyzing security incidents in Industrial Control Systems (ICS) has been a priority for many organizations for a while now. As a response to this need, and given the great success in other areas specialized in cybersecurity, the MITRE organization has developed a matrix that collects many of the tactics, techniques and procedures detected in the industrial world. This article seeks to make the contents and potential uses of said matrix known.

Threat analysis study: Hive

Posted on 20/12/2021, by
INCIBE (INCIBE)
imagen de estudios de amenazas
The malicious code of the ransomware known as ‘Hive’ represents a threat to all users, as it implements encryption functionalities on the information in an infected computer, making simple recovery of the data impossible. This threat attempts to use extortion to recover the information, demanding a payment and threatening publication of part of the stolen information on a blog through the network Tor if the payment is not forthcoming.

EVOLVE: organisations’ capacity to adapt and improve their services after a cyberattack

Posted on 25/11/2021, by
INCIBE (INCIBE)
CII: evolve measurement
All organisations must be prepared so that, after the impact of a cyberattack, it may change, improve and adapt its processes and services. For this reason, it is necessary to protect the main business processes using a set of tasks that allow the organisation to evolve after a serious incident to redesign its strategies and minimise the possible impact of future cyberattacks

RECOVER: the capacity of organizations to restore their services following a cyber-attack

Posted on 07/10/2021, by
INCIBE (INCIBE)
CII recover goal
It is necessary to protect the main business processes through a set of tasks that allow the organisation to recover from a major incident in a timeframe that does not compromise the continuity of its services. This ensures a planned response to any security breach.

Threat analysis study: Anatsa

Posted on 05/07/2021, by
INCIBE (INCIBE)
image of threat studies
Anatsa is a banking Trojan designed for Android devices that has become particularly relevant since its discovery in January 2021. Throughout the study, a detailed technical analysis of the threat is carried out using a sample of the malicious code in question to show how this malware behaves and the possibilities it offers.

Threat analysis studies: Mekotio, FluBot, Cring and WannaMine

Posted on 15/04/2021, by
INCIBE (INCIBE)
Threat analysis studies image
Various studies with threat analysis or malware distribution campaigns affecting Spain and identified through incident management undertaken by INCIBE-CERT. The aim is to increase knowledge of the more technical details and characteristics of the threats so that organisations can implement appropriate detection and protection measures.

Secure remote access in ICS

Posted on 04/03/2021, by
INCIBE (INCIBE)
secure remote access in ICS
With the arrival of industry 4.0 to companies’ productive processes, including IIoT and Cloud, the need to control and monitor the ICS that remotely make them up arises. However, said access points should be established securely and in a controlled manner, mainly due to the criticality of these assets. This article discusses good practices, tools and methods that can be used to establish remote connections to OT networks as securely as possible.