Business Continuity Plan: before and after COVID-19

The current pandemic situation caused by the infamous COVID-19 (or Coronavirus) is impacting all areas of society: the first and most important, that of public health and the individual’s inherent primary survival instinct. Probably, the second concern is the economic impact that, as a worker or as an entrepreneur, the epidemic is causing in the operations and forecasts of companies and corporations of any sector and nature.

But the world does not stop … and organizations cannot afford to stop their business operations either!

Ilustración 1: Fuente Ejército de Tierra

[Read more…]

China: From culture to conflict in the cyberspace

Since in 2013 the US cybersecurity consultancy Mandiant published its famous report about APT1, showing its links with different agencies presumably associated with the Chinese government, the news about its actions in cyberspace has been significantly increased.

Among others, we find APT15, APT27 or Winnti Group (APT41); the US DoJ’s allegations of cyber espionage towards five Chinese military members associated with the APT1 group; the links that the FBI has established between Zhu Hua and Zhang Shilong and APT10; or the alleged link of PLA unit 61398 (People’s Liberations Army) with APT1.

With the permission of Russia and its popular operation against the DNC, China has become the main actor in cyberspace, developing an uncountable number of operations against all kind of sectors as: IT, military or naval industries and different governmental organizations. Sometimes using more sophisticated malware, and sometimes less, but more and more with its own seal linked to its extensive tradition.

According to traditional ancient texts, Chinese civilization dates back more than 4,000 years with the first Xia dynasty. Due to the continuity and strength of its political and social structure, the protection of its historical and cultural legacy and the practically null western influence until the 19th century, the Chinese Empire is considered the oldest empire that exists.

The historical endurance of the Chinese empire has not been based solely on military victories, but on its peculiar way of understanding resistance to foreign invasion. As an example, the Qing Dynasty, the last Chinese dynasty that ruled between 1644 and 1912, was founded by the Aisin-Gioro clan of Manchuria (the Manchus are currently an ethnic minority) and not by the Chinese population as it could be though. Similarly, the Yuan dynasty (1279-1368) was founded by Mongol invaders, heirs to the legacy of Genghis Khan.

Despite this, the language, customs and tradition remained unchanged thanks to the Chinese bureaucratic elites, who offered their services to the invaders with the excuse of the difficulty that would supposed to control a country with such dimensions, and making the only condition to maintain their methods and language. Because of this, the second-generation of invaders would assimilate the culture, coming to be seen as outsiders by their home territories, and finally, ending up defending China’s national interests.

The resistance and adaptability typical of the Chinese character towards the invader is still present, and we have witnessed the transformation of a society that in 1984 was fundamentally agricultural (40% of its GDP), and that just 35 years later dominates the technological world scenario with to the United States as well, leading the deployment of 5G by the hand of Huawei. Such achievement has occurred not only in terms of competitiveness, but also by making its technology an intrinsic part of its legacy and by putting technological development at the service of the national interest.

As the comparison mentioned by the former head of the Canadian Intelligence and Security Service for Asia-Pacific, Michel Juneau-Katsua, if Western intelligence had to steal a beach, he would go at night and wait for nobody to see him to steal it. On the other hand, if Chinese intelligence had to do it, it would send a thousand tourists and on the way back they would shake their towels, day by day.

Hiding in broad daylight is a concept associated with Eastern culture, because, even leaving aside large corporations such as Xiaomi or Huawei and the obvious possibility of controlling “their” devices, they have managed to install software of all kind on any computer on the planet. It is not uncommon to find binaries with Mandarin language resources or drivers signed by Chinese companies, which could potentially facilitate a campaign directed against any organization.

We also have the issue of electronic devices, the global massive sale which has allowed the worldwide deployment of a potentially vulnerable network of video surveillance cameras, loudspeakers or smartbands. Meanwhile, it competes with Google and Amazon for the control of the information at home.

However, China is not interested in entering the Thucydides trap through a direct confrontation against the United States, but will use, as it has done in the past, the multipolar geopolitical scenario to achieve its purposes.

If you use the enemy to defeat the enemy, you will be powerful wherever you go.

About to end the Korean War, Mao managed to gain a foothold on the international scene through a strategy very much in the line with the classic strategist Sun Tzu. In a world in which two great superpowers, the United States and the Soviet Union, fought for world hegemony, he managed to see them as equals.

It faced the United States in the Taiwan Strait conflict and, almost at the same time, ideologically and geopolitically dissociated itself from the communist bloc. This position was based on the fact that none of the powers would allow the launching of nuclear weapons on Mandarin territory, and the maintenance of a public position that claimed to have no fear of such weapons. As Mao himself stated, “China has 600 million inhabitants in an area of ​​9.6 million square kilometers. The United States cannot annihilate China with a simple pile of atomic bombs.

Exercising an active position, Mao ended up being part of the international balance with an independent voice, exerting psychological pressure on both sides through the conflicts in the Taiwan Strait and his intervention in the Vietnam War.

The current world offers very good opportunities for these puppeteer performances, as the attribution of a hostile act in cyberspace is truly complex, as evidenced by the false flag operation reported by Kaspersky on OlympicDestroyer. During the 2018 South Korea Winter Olympics, the OlympicDestroyer malware paralyzed IT systems, caused outages, and brought down the organization’s websites.

What is relevant about these actions is that, as detailed in the report, the tactics, techniques and procedures (TTP) were those commonly used by the Lazarous group, associated with North Korea. However, everything indicated that intentional errors had been made in order to facilitate the detection of such TTPs, stirring the international stage with a campaign with mediatic overtones. This makes more sense if we take into account that in February 2018 North Korea was surrounded by sanctions derived from its nuclear plan, specifically resolutions 2371, 2375 and 2397 adopted in 2017, which fundamentally damaged its relationship with China.

Looking to the future, everything indicates that China will continue to bet on conflict resolution through operations in cyberspace, limiting its military interventions to what is strictly necessary or for propaganda purposes.

The conflict in cyberspace allows, to a certain extent, to abandon Clausewitz’s theses and the understanding of confrontation as battles that begin and end, and where the enemies are defined and tangible units. The new era embraces Suntzunian theses, promoting flexibility in battle or the use of time as a weapon, concepts that are rather foreign to Western tradition.

While tradition in the West has fostered heroism and the coup in the decisive moment, Chinese ideals are based on patience, subtle harm and the accumulation of advantages in a gradual way, concepts that matches perfectly in a conflict in Internet.

Thus, China is comfortable with the new approach to the multinational conflict, a world whose rules play in favor of concealment, indefiniteness and confusion. Actually, its rules.


Guide to Assessing Your Organization’s Internal Cybersecurity Readiness in 2020

Today’s post is authored by Robert Mardisalu, co-founder & editor of, a computer security professional, privacy specialist and cybersecurity writer.
He has written for many insightful blogs that help readers to think beyond the surface.

Every new year presents new cybersecurity issues and challenges for organizations. Skimming through the latest cybersecurity statistics will show how much of a threat cyberattacks pose. Handling information means you are charged with ensuring its availability, confidenciality and integrity against attackers, and be ready for the possible threats it may face.

In order to determine whether your organization is prepared to face these threats, you need to assess its cybersecurity readiness. This guide will help you do just that.

[Read more…]

What Recent Supply Chain Attacks On IOTA and Monero Can Teach Us About Blockchain Security

Today’s post is authored by Stefan Beyer, CEO @ Cryptonics, Blockchain Consultant and Smart Contract Auditor. If you are interested in learning about blockchain technology, we recommend you to check the recently created Cryptonics Academy. Please enjoy.

A False Sense of Security

Blockchains are protected by complex mathematical protocols and by decentralization. Cryptographic primitives, such as digital signatures and hashing, are used to verify transaction authenticity and the integrity of the data stored on the blockchain. It is only through these primitives that the concept of digital ownership can be secured. Decentralization makes it incredibly hard for an attacker to gain sufficient control over a blockchain to alter transaction history or apply censorship.

This means that blockchains are quite secure at the protocol level. Although there are confirmed incidents of protocol-level breaches, such as 51% attacks, these are relatively rare and confined to smaller blockchains. Nevertheless, digital assets represented on blockchains are stolen on an alarmingly regular basis, even from large established networks.

In a recent article, we already identified smart contracts as a significant risk vector. In this article, we look at two recent high profile attacks, in order to highlight hidden dangers in the security of support systems that allow attackers to sidestep the sophisticated cryptographic defense mechanisms blockchain protocols provide. This type of attack is typically called a supply chain attack, as it focuses on less secure parts of a project’s supply chain.

[Read more…]

The 5 Most Common Smart Contract Vulnerabilities

Today’s post is authored by Stefan Beyer, CEO @ Cryptonics, Blockchain Consultant and Smart Contract Auditor. Please enjoy.

Smart contracts are hard to get right. Their three main properties, the ability to hold value, transparency, and immutability, are essential for them to work. However, these properties also turn smart contracts into a security risk and a high-interest target for cybercriminals. Even without deliberate attacks, there are plenty of examples of funds getting stuck and companies losing money due to smart contract bugs and vulnerabilities.

Over the last two years, we have audited the smart contracts of more than 40 projects here at Cryptonics. The contracts audited include different types of asset tokenization, insurance policies, decentralized finance platforms, investment funds, and even computer games. We have observed certain trends in the types of vulnerabilities that we usually encounter, and some issues seem more common than others. In this article, we will describe the five most common issues we detect in our daily auditing activities.

[Read more…]

The fight for privacy

The post, next week.

Own text. Original comic strip by RaphComic. Modified with permission.

CNA Tactics: a first proposal

(Editor’s note: this post was originally published in the Spanish version of Security Art Work on 11th November 2019)

Today we have a doctrinal and somewhat metaphysical article… I.e., something dense. Be warned :)

Within CNO (Computer Network Operations) we find three types of capabilities or actions: CND, CNA and CNE (Defense, Attack and Exploitation respectively).

While CND obviously deals with the defense of technological environments against attacks also technological —not against a missile that hits a Datacenter—, CNE operations and capabilities focus on the acquisition and exploitation of information through networks and computers: what we currently call cyberspying. For its part, CNA, Computer Network Attack, refers to what is often identified with purely destructive operations (the famous “4D”: disrupt, deny, degrade and destroy).

Any actor that executes CNO operations develops TTP (Tactics, Techniques and Procedures) to achieve its objectives; without going into the more formal definitions of the US military literature, tactics specify what an actor does, techniques specify how a tactic is implemented and procedures define a particular implementation —depending even on the person who applies them— of that tactic; this approach, from the higher level to a more operational level, models the behaviour of an actor, something similar to what is usually called its modus operandi.

[Read more…]

YaraRET (I): Carving with Radare2 & Yara

During the management of forensic cases, there are times when we find ourselves in a dead end, where after the detection of a critical compromise indicator, we have to approach an analysis with weak evidence.

That is why I decided to develop a carving tool based on Yara rule detection. This tool also had to handle raw files in and be able to carry out a wide variety of options on this data in a flexible way, so I decided to use Radare2.

From this combination was born YaraRET, a file carving tool developed in Go, whose stable version is available in the repository of YaraRules:

The development version can be found in the following repository:

So, during the next article the resolution of a fictitious forensic case with YaraRET will be presented, which is based on the combination of several cases that I have been finding for a few months. [Read more…]

The State of VPN Security Today

Today’s post is authored by Christopher Nichols from, who gives a quick insight of some of the main threats of surfing without protection in today’s Internet, and gives some valuable information on the advantages of, probably, the main countermeasure: Virtual Private Networks. Please enjoy.

No one should log onto the internet without the added protection of a virtual private network (VPN). Personal and financial information transmitted over the web needs protection against snoopers, hackers, and spies. Those snoopers also include the user’s own government as well as the internet services provider, who collects service fees as well as free information from their users. [Read more…]

The 5 keys of an Operator’s Security Plan for a health service

(This post has been prepared by Juan Carlos Muria & Samuel Segarra.)

Regarding the protection of critical infrastructures and essential services, as reflected in the European NIS Directive, in Spain there is a National Strategy that includes the health sector as a critical infrastructure.
In this SAW post, we explain the key success factors for approaching the preparation of the Sector Strategic Plan to render it compliant with Spanish regulation, although there are many points in common with protecting critical infrastructure in other countries, according to our experience.

And finally it arrived: The Sector Strategic Plan (PES) for the health sector was published at the end of October, and now comes the time, for elected operators, to draft the Operator’s Security Plan (OSP) in less than six months, not forgetting that then there will only be four months to detail the Specific Protection Plans for each of the critical infrastructures, and finally the Operational Support Plans (PAO).

This is the minimum required by the National Center for the Protection of Critical Infrastructures, in response to meetings held and emails exchanged with different operators.

The structure of these plans is defined by the (CNPIC) itself, so we have preferred to focus on the things that a healthcare operator should take into account, and since we are on a blog and the content should be short and concrete, we have decided to highlight the 5 most important things, which should not be missing in a OSP.
Shall we start?
[Read more…]