criptografía

Contenido criptografía

Blog posted on 27/04/2023

With the industrial revolution of Industry 4.0, industrial processes have become more intelligent, and this has led to the deployment of a greater number of devices. 

All these deployments usually have a common point, being the gateways, which, after being deployed, are responsible for the translation of some protocols to the TCP/UDP frame or simply send the information to the cloud.

Being a point that gathers a large amount of data and capable of providing intelligence to industrial processes, industrial gateways have become a very desirable target for attackers.

Blog posted on 08/09/2022

Nobelium es la denominación de Microsoft para un grupo de atacantes que, según la atribución llevada a cabo por la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA) de Estados Unidos, pertenecen al Servicio de Inteligencia Exterior (SRV) de Rusia. Este grupo criminal es conocido por el ataque a la cadena de suministro de SolarWinds, y una campaña masiva de phishing haciéndose pasar por una empresa de desarrollo estadounidense.

Blog posted on 02/06/2022

Grandoreiro, also known as Delephant, is a banking trojan from South America, which has spread its operations to other regions, especially Europe, including Spain and Portugal. According to ESET researchers, it has been active since 2015, affecting countries in Latin America, mainly Brazil, where it was developed.

Blog posted on 20/12/2021

The malicious code of the ransomware known as ‘Hive’ represents a threat to all users, as it implements encryption functionalities on the information in an infected computer, making simple recovery of the data impossible. This threat attempts to use extortion to recover the information, demanding a payment and threatening publication of part of the stolen information on a blog through the network Tor if the payment is not forthcoming.

Blog posted on 15/04/2021

Various studies with threat analysis or malware distribution campaigns affecting Spain and identified through incident management undertaken by INCIBE-CERT. The aim is to increase knowledge of the more technical details and characteristics of the threats so that organisations can implement appropriate detection and protection measures.

Blog posted on 01/10/2020

This post presents some lines of action to be followed in the case of having fallen victim to Ekans ransomware. It describes in detail the prevention, identification and response phases to be carried out.

Blog posted on 20/08/2020

In this new blog entry, we will analyze the features and describe the operation of a new ransomware called Ekans, initially known as Snake, which has a very specific design, aimed at infecting and blocking Industrial Control Systems (ICS).

Blog posted on 09/07/2020

GNSS (Global Navigation Satellite System) technology is deeply integrated into society to meet geolocation and time measurement needs; it is considered one of the most reliable and it is a critical element for certain industrial sectors. However, due to the advancement of the technology and its widespread use, GNSS are being compromised by cybercriminals.

Blog posted on 18/06/2020

In this blog post we detail the new PGP keys generated by INCIBE-CERT to establish secure communication channels with different audiences.

Blog posted on 30/04/2020

Sodinokibi uses the RaaS (Ramsonware as a Service) model, which favours its rapid spread. In this article we present some lines of action that should be followed in the case of having been a victim of this sophisticated malware or if it is suspected that it could have infected our systems.