Search Results for: IoT

What Recent Supply Chain Attacks On IOTA and Monero Can Teach Us About Blockchain Security

13 de April de 2020 Por

Today’s post is authored by Stefan Beyer, CEO @ Cryptonics, Blockchain Consultant and Smart Contract Auditor. If you are interested in learning about blockchain technology, we recommend you to check the recently created Cryptonics Academy. Please enjoy.

A False Sense of Security

Blockchains are protected by complex mathematical protocols and by decentralization. Cryptographic primitives, such as digital signatures and hashing, are used to verify transaction authenticity and the integrity of the data stored on the blockchain. It is only through these primitives that the concept of digital ownership can be secured. Decentralization makes it incredibly hard for an attacker to gain sufficient control over a blockchain to alter transaction history or apply censorship.

This means that blockchains are quite secure at the protocol level. Although there are confirmed incidents of protocol-level breaches, such as 51% attacks, these are relatively rare and confined to smaller blockchains. Nevertheless, digital assets represented on blockchains are stolen on an alarmingly regular basis, even from large established networks.

In a recent article, we already identified smart contracts as a significant risk vector. In this article, we look at two recent high profile attacks, in order to highlight hidden dangers in the security of support systems that allow attackers to sidestep the sophisticated cryptographic defense mechanisms blockchain protocols provide. This type of attack is typically called a supply chain attack, as it focuses on less secure parts of a project’s supply chain.

[Read more…]

IoT in the Industry 4.0 – Our data – collaboration or use?

22 de March de 2019 Por

On 7 February, a meeting was held in Madrid at the Vodafone Observatory of the Company, where experts in the cloud, artificial intelligence, robotics and digital transformation gave a vision on how to face the challenges of industry 4.0. In previous articles by Joan Balbastre about Industry 4.0, we could see what characterizes this industrial revolution and its basic design principles. In these articles, up to six different principles are named and one of them allows us to focus on this text: service orientation. This orientation turned out to be the fundamental axis of the whole event.

It is true that, in the face of strong competition between companies from different sectors, the optimization of the products or services provided has become a priority. There are many ways to improve a company or product. In recent years, information gathering has become one of the fundamental pillars on which the Industry 4.0 revolution is based. The data collected from consumers allows companies to perform different actions such as preventive maintenance, quality assurance, real-time defect management, operations management, etc. A clear example of the change that companies in the industry are undergoing is the case of Quality Espresso, which has gone from producing only one product, designing, producing and marketing coffee makers, to the provision of an added service thanks to the collection of information. Quality Espresso coffee machines not only allow connectivity with different devices, but are also able to collect statistical information for the company, in order to improve the products or even influence the design of new ones, as indicated in the event.

[Read more…]

Linux.IotReaper Analysis

14 de February de 2018 Por

A couple of days ago we learned about the existence of a new threat IoT considerably more elaborated than any of the ones detected to date (http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/), said botnet has been named by Netlab 360 as IotReaper. So, from the malware laboratory of S2 Grupo we have obtained and analyzed some of the related samples.

Infrastructure

The infrastructure of the network is quite similar to that of the Mirai botnet, which is formed by four elements:

  • Report Server: Responsible for collecting the information sent by the bots.
  • Server Downloader: Responsible for providing malware samples via HTTP. The presence of an element allows the continuous incorporation of updates without the need to leave obsolete versions of the malware.
  • Server C2: Responsible for sending denial of service orders.
  • Bot: IoT device infected by the IotReaper botnet.

[Read more…]

The Russian ICC (XIII): The intelligence ecosystem. Patriotic hackers

26 de January de 2018 Por

The concept of patriotic hacker can be understood as the attacker, in the cyber field, whose activities support in one way or another his country in a real conflict, directed against the enemy of the state ([1]). Along with China, Russia has been perhaps one of the countries that has most empowered these groups, active for years in conflicts such as Kosovo (1999), Estonia (2007) or Georgia (2008). In Spain, if there has ever been something similar and in any case not state sponsored, it could be linked to small actions in the network against the environment of ETA after the murder of Miguel Angel Blanco (1997), perhaps at odds between hacktivism and patriotic hackers (this would give for an interesting debate), but in any case very far from the activities of patriotic groups in other conflicts or countries.

In Russia, different groups have been identified that could be called Kremlin-related groups (from Chaos Hackers Crew in 1999 to Cyber Berkut, active in the conflict with Ukraine) and their actions, groups that have focused their activities on defacements and, in particular, in DDoS attacks against targets that have been considered contrary to Russian interests. From each of the operations of these groups there is literature and more literature. An excellent summary of the most notorious can be found in [8]. As early as 1994, in the First Chechen War, some patriotic groups used the incipient web for PSYOP, at that time with Chechen victory, a victory that would change sides later (1999) in the Second Chechen War ([3]). Years later, in 2007, Russia launches a cyber-attack against Estonia that stops the operation of the online banking of the main Estonian banks, blocks access to the media and interrupts communications of the emergency services ([4]); but there are no deaths or injuries on either side, unlike what happens a little later (2008) in Georgia, where there is a hybrid attack- the first known case in history – consisting of cyber-attacks and an armed invasion. A conflict in which different groups arise that encourage attack – in particular, through DDoS on the websites that support the opposite side. These denial attacks differed from those launched against Estonia: not only were they injecting large volumes of traffic or requests against the target, but also using more sophisticated techniques, such as using certain SQL statements to introduce additional load into this objective, thus amplifying the impact caused.

At about the same time as Georgia’s, Lithuania gets its turn, also in 2008 and, as in Estonia, in response to political decisions that their Russian neighbors do not like. In this case the Lithuanian government decides to remove the communist symbols associated with the former USSR, which causes denial of service attacks and defacements of web pages to locate in them the hammer and the sickle. A few months after the actions in Lithuania, attacks on Kyrgyzstan begin, already in 2009 and again after political decisions that the Russians do not like, now regarding the use of an air base of the country by the Americans, key for the American deployment in Afghanistan. In this case it is about DDoS attacks against major ISPs in the country, which further degraded the already precarious Kyrgyz infrastructures, originated in Russian addresses but, according to some experts, with much more doubt in the attribution than other attacks of the same type suffered previously by other countries. Also in 2009 Kazakhstan, another former Soviet Republic – and therefore of prime interest for Russian intelligence – suffers DDoS attacks following statements by its President criticizing Russia.

Finally, as early as 2014, The Ukraine becomes another example of a hybrid war, as it happened in Georgia years ago, and an excellent example of the Russian concept of information warfare, with attacks not only by DDos, but especially by disinformation through social networks: VKontakte, supposedly under the control of Russian services (we spoke before about their relationship with companies, technological or not). It is the most used social network in Ukraine, which offers an unbeatable opportunity to put in practice this disinformation ([6]). For different reasons, including the duration of the conflict itself, The Ukraine is an excellent example of the role of patriotic hackers on both sides (Cyber Berkut on the Russian side and RUH8 on the Ukrainian side), supporting traditional military interventions, putting into practice Information warfare, psychological operations, DDoS, attacks on critical infrastructures …

The presence and operations of Russian patriotic hackers seems indisputable. The question is to know what relationship these groups have and their actions with the Kremlin and its services, if any, and the degree of control the Russian government may have over them … and even its relationship with other actors of interest to Russian intelligence, such as organized crime, which we will discuss in the next post of the series. Actions such as those executed against Ukrainian servers in 2014 by Cyber Berkut showed TTPs very similar to those previously used in Estonia or Georgia, which would link these actions not only to properly organized groups, but would also lead to a possible link with The Kremlin, following the hypothetical attribution of these last actions with the Russian government ([2]).In [9] an interesting analysis is made of the relationship between patriotic hackers, cybercrime and Russian intelligence during the armed conflict with Georgia in 2008. In addition, in the tense relations between Russia and Georgia, there is another hypothetical proof, especially peculiar at least, of the link between attacks, patriotic hackers and Russian services: in 2011, the Georgian government CERT ([7]), before a case of allegedly Russian espionage, decides to voluntarily compromise a computer with the malware used by the attackers, put a lure file on it and in turn to trojanize said file with remote control software. When the attacker exfiltrated the honeypot, the CERT was able to take control of his computer, recording videos of his activities, making captures from his webcam and analyzing his hard disk, in which emails were supposedly found between a controller – from the FSB, so the evil tongues of some analysts say, who knows … – and the attacker, exchanging information of objectives and information needs and instructions on how to use the harmful code.

Regardless of the relations of the Russian services with groups of patriotic hackers, the infiltration or the degree of control over them, what is certain is that in certain cases the FSB has publicly avoided exercising its police duties in order to pursue a priori criminal activities by Russian patriotic hackers: in 2002, Tomsk students launched a denial of service attack against the Kavkaz-Tsentr portal, which housed information on Chechnya annoying for the Russians. The local FSB office issued a press release in which it referred to these actions of the attackers as a legitimate “expression of their position as citizens, worthy of respect” ([5]). And what is indisputable is that after decisions made by a sovereign government that may be contrary to the interests of the Russian government or simply to their opinion, that government suffers more or less severe attacks – depending on the importance of that decision – against its technological infrastructures, at least in areas especially relevant to Russian intelligence and government such as the former Soviet Republics. Of course, attacks that are difficult to reliably link to the Russian government or patriotic hackers of this country, but they occur in any case.

Finally, one more detail: Russian patriotic hackers have not only executed actions against third countries, but also operated within the RUNet. One of the most well-known cases is that of Hell, acting against Russian liberal movements: opponents of the government, journalists, bloggers … and of which there have been signs of their connection with the FSB (let’s remember, internal intelligence) specifically with the CIS of this service. In 2015 Sergei Maksimov, allegedly Hell, is tried and convicted in Germany for falsification, harassment and information theft. Although facing three years in prison, the sentence imposed is minimal. Was Maksimov really Hell? Were there any links between this identity and the FSB? Was Hell part of the FSB itself, unit 64829 of this service? Nor do we know, nor will probably ever know, as perhaps we do not know whether Nashi, a patriotic youth organization born under the protection of the Kremlin – this we do know, as it is public – organized DDoS attacks not only against Estonia in 2007, but also against Russian journalists opposed to Putin’s policies, and also tried to turn to journalists and bloggers for their support in anti-deposit activities in the Russian government … at least that is what the emails stolen by Anonymous- allegedly, as always, from Kristina Potupchik, spokesperson for Nashi at the time and later “promoted” to Internet project manager of the Kremlin, say (this is also public).

References
[1] Johan Sigholm. Non-State Actors in Cyberspace Operations. In Cyber Warfare (Ed. Jouko Vankka). National Defence University, Department of Military Technology. Series 1. Number 34. Helsinki, Finland, 2013.
[2] ThreatConnect. Belling the BEAR. Octubre, 2016. https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/
[3] Kenneth Geers. Cyberspace and the changing nature of warfare. SC Magazine. July, 2008.
[4] David E. McNabb. Vladimir Putin and Russian Imperial Revival. CRC Press, 2015.
[5] Athina Karatzogianni (ed.). Violence and War in Culture and the Media: Five Disciplinary Lenses. Routledge, 2013.
[6] Andrew Foxall. Putin’s Cyberwar: Russia’s Statecraft in the Fifth Domain. Russia Studies Centre Policy Paper, no. 9. May, 2016.
[7] CERT-Georgia. Cyber Espionage against Georgian Government. CERT-Georgia. 2011.
[8] William C. Ashmore. Impact of Alleged Russian Cyber Attacks. In Baltic Security and Defence Review. Volume 11. 2009.
[9] Jeffrey Carr. Project Grey Goose Phase II Report: The evolving state of cyber warfare. Greylogic, 2009.

Image courtesy of Zavtra.RU

Carmen after R2D2: from observing to understanding in industrial cybersecurity

19 de September de 2025 Por Leave a Comment

In the world of cybersecurity, it is not enough to look at network traffic: it is necessary to understand it. With the European project R2D2, the CARMEN tool has taken a qualitative leap in its analysis capacity in industrial (OT) environments. Thanks to the new functionalities incorporated, CARMEN can now detect complex threats early, even those designed to go unnoticed, offering security teams a more complete and precise view of industrial infrastructure

Before R2D2: Carmen’s vision

Before the incorporation of the R2D2 project modules, Carmen was already a consolidated and prestigious tool for network traffic analysis. However, its approach was mainly oriented to IT and, although it could detect anomalies and monitor traffic effectively, in industrial (OT) environments it had natural limitations inherent to the original scope of the tool:

  • OT environments: it could not deeply interpret the most complex industrial protocols, limiting the understanding of commands, registers, and critical messages.
  • IT environments: the tool detected anomalies, although correlation with possible attacks from advanced groups (APTs) required additional and manual analysis.
  • Detection of APTs: effective within its scope, but with a more general approach based on known patterns.
  • Asset and risk map: it offered visibility of relevant events and alerts, but impact assessment on critical assets and attack routes depended on the analyst’s interpretation.

In short, Carmen was already a solid and reliable tool, capable of observing and alerting about important events on the network. What R2D2 brought was not “starting from scratch,” but expanding its capabilities: allowing it to delve into OT traffic, interpret complex industrial protocols, correlate anomalies with advanced attacks, and also offer greater control over the asset map and its associated risk.

[Read more…]

CARMEN: The S2 Grupo’s advanced threat detection tool

2 de October de 2024 Por

In the dynamic and ever-changing cybersecurity environment, staying ahead of threats is more crucial than ever.

At S2 Grupo, in collaboration with the National Cryptologic Center (CCN), we have developed and continuously improved CARMEN, an innovative tool designed to protect organizations against the most sophisticated threats.

What is CARMEN?

CARMEN (Center for Log Analysis and Data Mining) is a comprehensive threat detection and response solution specifically designed to address the evolution of Advanced Persistent Threats (APTs). This tool is fundamental for Threat Hunting processes, allowing security teams to proactively identify and neutralize risks.

CARMEN’s main objective is to generate intelligence from network traffic and user activities within the organization, filtering and prioritizing critical information. In this way, it helps prevent security breaches and mitigate the impact of cyber-attacks. With CARMEN, organizations achieve full visibility of their infrastructure, facilitating both early threat detection and an agile and effective response.

[Read more…]

Health 4.0: the importance of cybersecurity in the healthcare area

11 de April de 2023 Por

The concept of Health 4.0 emerges as a specific derivation of Industry 4.0. But what is Industry 4.0? This concept arises in Germany in 2011, as a project to improve the industry but without a clear definition (see reference at the end of the article).

From this moment on, Industry 4.0 has been appearing with different interpretations, although there is a unified definition. Industry 4.0 is an umbrella that encompasses nine technologies that help in the transformation of industrial production and process automation.

These technologies are:

  • Big Data and Data Analysis
  • Simulation
  • Internet of Things (IoT)
  • Augmented Reality
  • Cloud Computing
  • Additive Manufacturing
  • Autonomous robotics
  • Cybersecurity
  • Integration systems
read more

Blockchain to secure healthcare environments

27 de June de 2022 Por

The increasing number of data breaches in the healthcare sector is causing serious problems in management and storage. In addition, traditional security methods being used to protect healthcare applications are proving ineffective. This is why emerging technologies such as blockchain are offering new security approaches and processes for healthcare applications, providing data confidentiality and privacy.

Data breaches are one of the main cybersecurity issues in the healthcare sector. Figure 1 shows how the amount of health record data leakage has been increasing, highlighting a large change between 2018 and 2019, a date coinciding with the start of the COVID-19 pandemic.

Figure 1. Number of data breaches of 500 or more health records in the healthcare sector from 2009 to 2021. Source: https://www.hipaajournal.com/healthcare-data-breach-statistics/
[Read more…]

MQTT: risks and threats in healthcare environments

11 de February de 2022 Por

This post has been elaborated together with Alex Alhambra Delgado.

Since 2020, many changes have been made in the way we interact with each other, as well as with computer systems. In the wake of the pandemic, all companies had to upgrade their network infrastructures to provide better performance, speed and availability, given the large amount of work that suddenly had to be done remotely.

In the same way, companies needed a way to monitor all their processes remotely, in order to reduce travel and the potential exposure to viruses. In this situation, all types of industries took advantage of the benefits of the IoT (Internet of Things), which provided a new way to control the processes of a company remotely.

Illustration 1. IoT and IIoT
[Read more…]

Guide to Assessing Your Organization’s Internal Cybersecurity Readiness in 2020

15 de April de 2020 Por

Today’s post is authored by Robert Mardisalu, co-founder & editor of TheBestVPN.com, a computer security professional, privacy specialist and cybersecurity writer.
He has written for many insightful blogs that help readers to think beyond the surface.

Every new year presents new cybersecurity issues and challenges for organizations. Skimming through the latest cybersecurity statistics will show how much of a threat cyberattacks pose. Handling information means you are charged with ensuring its availability, confidenciality and integrity against attackers, and be ready for the possible threats it may face.

In order to determine whether your organization is prepared to face these threats, you need to assess its cybersecurity readiness. This guide will help you do just that.

[Read more…]