Cover Image of Iberlayer bets on authentic green energy

Iberlayer bets on authentic green energy


Today energy consumption is no longer just an economic problem but also an ecological problem of the first order. Taking care of our planet has ceased to be a matter of common sense to become an obligation.

The problem of pollution and global warming affects us all and therefore it is everyone's task to fight against them. At Iberlayer we are no strangers to the problem and with the intention, courage and enthusiasm of contributing our grain of sand, we have switched to green energy of solar origin.

Thanks to a powerful self-generation installation, our central offices have 300% of the power needed to meet not only normal daily consumption and charge the fleet of electric vehicles for employees, but also meet growth expectations.

Thanks to this small big step, we are avoiding the discharge of approximately 7 Tons of CO2 per year into the atmosphere if we generate that electrical energy using Gas as fuel and approximately 17.5 Tons if Coal is used.

"A grain does not make a barn, but it can unbalance a scale..."


Cover Image of New blackmail technique through ransomware

New blackmail technique through ransomware


During recent times the number of companies affected by Ransomware attacks has skyrocketed, which basically act in two ways: encrypting all the documents they find on the victim's network to ask for money in return of the decryption key, and/or by stealing a large amount of data to ask for money in exchange for not publishing it.

In general, the threat of local data encryption "usually", in quotes, is of less concern when companies have powerful backup systems, capable of reverting large amounts of data to its previous state in a short time time.

By the way, a detail that you should never forget when you are the victim of an attack of this type is, before trying to recover the data from the backup copies, make a new backup of the data as is, i.e. "encrypted". In this way, if for any reason full recovery proves impossible and unfortunately we had to access blackmail in some way, recovery would be possible. Otherwise, having crushed the encrypted data with the backup restore, we would have blocked this emergency exit without remedy.

However, more and more companies are affected by the second type of Ransomware, the one that exfiltrates data and threatens to publish it if we do not agree to a payment. The main reason is undoubtedly the RGPD (General Data Protection Regulation), since cyber-criminals know very well that companies may be more afraid of possible sanctions than of the damage caused by the publication of such data.

Usually, when a company is 'hacked' and data is extracted, those responsible for this company receive warning emails from cyber-criminals telling them what has happened, the steps to follow and to what is exposed in case of not doing it. The economic amounts vary, always in cryptocurrencies, between a few thousand Euros to several hundred million, increasing in value as more time passes.

Technicians from the Iberlayer Laboratory have detected today a new form of "blackmail", simple but very possibly effective: The cybercriminals, after stealing the data, have not only sent the threat to the victim as usual , instead they have sent emails to all the people and companies they have found in that stolen data, explaining what has happened and that if the victim does not agree to the blackmail, sorry, to the payment, it will be their data that will be made public.

Here is a real example of one of these emails:

Obviously the objective is to exponentially multiply the pressure on the victim and end up paying.

It is a very simple idea and one that we fear is sadly going to work as expected, not only because of the pressure that a lot of third parties can exert, which of course, but because of the image that they have before them could have caused that company.

Our complete email protection solution, Iberlayer Email Guardian, provides the peace of mind that large companies need today regarding their email, detecting not only threats direct but also indirect, as safely as filtering by hand.

Pedro David Marco.


Cover Image of Fake donation request for OMS

Fake donation request for OMS


The already traditional SCAM campaign, active for years, has always been adapting to the circumstances in order to maximize its probability of success.

These emails usually send us threats of a different nature that will become a reality if we do not agree to the immediate payment of an amount of money in some cryptocurrency (generally Bitcoins).

Sometimes they threaten us with making our data public, other times they tell us that we have been caught visiting illegal websites, etc. In some cases the threats go beyond dark brown, such as when they indicate that they have planted a bomb in our office or that they will implicate us in false causes of pedophilia, etc.

The current world situation generated as a result of the Covid-19 Coronavirus is being massively exploited by cybercriminals. To the tens of thousands of domains that we already have on the blacklist related to Covid-19, now a curious new form of SCAM is added, disguised as a request for an Economic Donation for the WHO, with the aim of delving into scientific research by regarding the virus.

In the image you can see a real sample, where donations are requested to the crypto wallet 16gmYrbqMr4SZeA7SqNVmirhnhDG3maYPK, which has already been reported as fraudulent.

There are police forces that pursue this type of fraud and extortion, placing special vigilance on the activity of cryptocurrency wallets, which are traceable when conversions are made to real currency, shipments of goods purchased with them, etc.

This fact, well known by cybercriminals, is being used by them when they want to harm a third party: to do so, they find out what the victim's cryptocurrency wallet is, which will surely be totally legal and clean, and include it as a destination of payment in a new shipment of SCAM!!!!

In this way, all suspicions will fall on the victim, and their wallet, which will be reported as fraudulent, will have serious problems from that moment on for all kinds of movements, to the point of being able to render it almost useless in many places .

We are detecting cases of this type in SCAM+Coronavirus campaigns. Iberlayer Email Guardian does not report cryptocurrency wallets, but it does block emails containing reported wallets.


Cover Image of Phishing: Telecommuting + Coronavirus

Phishing: Telecommuting + Coronavirus


 Due to reasons of force majeure, known to all, a huge number of companies have been forced to urgently implement the teleworking model among their employees.

 In many cases, this sudden urgency has come so suddenly that many companies have been forced to set it up without being able to count on adequate security measures and without being able to give employees minimal training in this regard.

 Cyber-criminals, well aware of this fact, are taking advantage of it: We are detecting emails that impersonate the technical departments of companies, CAUs, etc. and request data from users, with the excuse of being able to keep the teleworking service operational.

 These emails usually use the generic term "Technical Service" in the subject and/or in the signature, their writing does not contain errors, and the "from:" field shows the domain of the company, so for an end user they are difficult to detect.

 Given the circumstances, the probability that the user provides the data is very high, which makes this campaign especially dangerous.

Recommended actions:

  • Iberlayer marks the email subject with a special text when an external email is detected that uses an internal domain in the "from:" field. It is important to remember the importance of this mark, because it serves precisely to prevent scams like this.
  • As far as possible warn users about this threat.
  • As far as possible, remind users of the contact mechanism with the IT/CAU department, etc. and that it will never ask for your personal data, access data, etc.
  • It is highly likely that after these emails a phone call will be produced to the user, again making
  • Go through the Technical Service. With these lines we allow ourselves to suggest that whenever some type of data has to be given, it is the user who initiates the call or sends the first email.