 Stuxnet: The Future of Malware? Stephan Freeman.


1  Stuxnet: The Future of Malware? Stephan Freeman


6 Theme
- Systems physically controlling something…
- Getting hacked…
- Disasters averted. Just.
- The reality isn’t so different…

7 Previous Incidents
- Slammer disables safety systems at Ohio Davis-Besse Nuclear Plant in US for five hours in 2003
- Blaster affects US power grid during 2003 blackout
- Disgruntled employee in Australia logs in over WiFi at his old employer's and releases over a million litres of raw sewage
- 14-year-old in Lodz, Poland, derails trams after taking over the signaling system in 2008
- Many more undisclosed

8 Previous Incidents
- All either accidental/side effects of non-targeted attacks
- Or bored/disgruntled individuals
- Stuxnet signifies something new: malware specifically targeted at a country’s physical infrastructure.

9 What is it?
- Windows-based malware, targeting very specific configurations
- Used four zero-day vulnerabilities
- Is the first Process Control-specific malware seen
- Almost certainly state-sponsored
- Possibly an insight into the future of malware

10 Process Control Systems
- Systems used to bridge the logical and physical interface
- Several types of components, used in industrial environments (PLCs, DCSs…)
- Manufactured by Siemens, GE, ABB, Westinghouse
- Often referred to as SCADA systems (Supervisory Control And Data Acquisition)

11 SCADA
- Controls almost anything, e.g.:
  - Traffic signals
  - Train signals
  - Amusement park rides
  - Water processing systems
  - Power station generators
  - Factory assembly lines
  - Electrical substations


13 Vulnerabilities
- COTS components used with known vulnerabilities
- Lag between patches being released and being certified for a particular system
- Poorly-written OS or TCP/IP stack on individual components
- Lack of understanding of the risk
- Multiple 3rd parties involved in integration of large-scale systems

14 Stuxnet - Detail
- Targeted Windows PCs connected to Siemens PLCs (specifically S7-300)
- Spread via USB sticks and over the Internet using 4 zero-day vulnerabilities
- Installs itself as a rootkit in Windows, using stolen driver signing certificates
- Modified the Step-7 application used to reprogram PLCs
- Installs itself on the Siemens PLC

15 What is a PLC?

16 Stuxnet - Detail
- Once on the PLC, checks whether either Vacon (Finnish) or Fararo Paya (Iranian) frequency converter drives are attached
- Checks what frequency they’re running at: if they’re between 807 Hz and 1210 Hz, it changes the frequency of the drives periodically.
- The frequencies happen to correspond to those needed for gas centrifuges, such as those used in the enrichment of uranium
- Done in such a way as to hide any error messages being passed back to the controller
- Automatically deletes itself on the 24th of June 2012
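Because the slide says the changes are hidden from the controller, the control system's own readings cannot be relied on to detect them. As an added example (not part of the presentation), this Python check compares the frequency the control system reports with an independent measurement for drives in the 807 Hz to 1210 Hz band; the out-of-band sensor feed, the tolerance, the drive names and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Band named on the slide: drives running between 807 Hz and 1210 Hz.
BAND_LOW_HZ, BAND_HIGH_HZ = 807.0, 1210.0
TOLERANCE_HZ = 5.0  # assumed acceptable gap between reported and measured


@dataclass
class Sample:
    t: int              # seconds since start of capture
    drive: str          # hypothetical drive identifier
    reported_hz: float  # value the control system shows the operator
    measured_hz: float  # value from an independent, out-of-band sensor (assumed)


def in_band(hz):
    return BAND_LOW_HZ <= hz <= BAND_HIGH_HZ


def find_alerts(samples, tolerance=TOLERANCE_HZ):
    """Return (t, drive, reason) where the independent measurement
    contradicts what the control system reports for an in-band drive."""
    alerts = []
    for s in samples:
        if not in_band(s.reported_hz):
            continue  # only drives reported in the band of interest are checked
        if not in_band(s.measured_hz):
            alerts.append((s.t, s.drive, "measured outside band"))
        elif abs(s.reported_hz - s.measured_hz) > tolerance:
            alerts.append((s.t, s.drive, "reported/measured mismatch"))
    return alerts


# Constructed telemetry: drive A is healthy; drive B is reported as steady
# while the independent sensor sees its speed change and then return.
SAMPLES = [
    Sample(0, "A", 1000.0, 999.2),
    Sample(0, "B", 1000.0, 1000.5),
    Sample(60, "A", 1000.0, 1001.1),
    Sample(60, "B", 1000.0, 1150.0),
    Sample(120, "B", 1000.0, 1300.0),
    Sample(180, "B", 1000.0, 999.8),
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLES):
        print(alert)
```

Drive B returns to normal at t=180, so a periodic change like the one the slide describes is only caught if the comparison runs continuously rather than as a spot check.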

17 Target?
Iranian uranium enrichment centrifuges, inspected by President Ahmadinejad

18 Stuxnet - Infections
From Symantec: http://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99

19 Impact
- US not affected – very few infections
- Possible links to 10 large-scale explosions in Iranian oil and petrochemical plants
- Affected numerous centrifuges at Iran’s main uranium processing plant in Natanz
- Could have caused “large scale accidents and loss of life” in Iran, according to AP

20 Why do it?
- Deniability
- Physical distance
- Stealth
- Unclear response

21 Stuxnet – Author?
- Difficult to tell who wrote it
- Common consensus is that it was state-sponsored
- Too much technical knowledge to be casual hackers

22 This may have happened before…
- Pipeline explosion in former Soviet Union in 1982
- CIA alleged to have deliberately sabotaged SCADA equipment destined for the Trans-Siberian Pipeline, stolen by the KGB
- Supposedly used a logic bomb
- Resultant explosion had a force of three kilotons of TNT

23 What does the future hold?
- More targeted attacks
- Private companies on the front line
- Over 30 countries have cyber-warfare programmes
- More hacktivists
- General need to “batten down the hatches”

24 Who receives targeted attacks?
[Figure: targeted attacks by worldwide industry sector since 2008; 18172 targeted attacks during 2010]

25 What can we do?
- Loads of advice available
- Organisations should think hard about the threats they face
- Take a holistic approach, looking at physical security as well as information security
- Accept that it may not be possible to defend networks against concerted, well-funded attack and consider keeping the most critical information offline.

26 Further reading
- http://www.computerworld.com/s/article/84510/Blaster_worm_linked_to_severity_of_blackout?taxonomyId=083
- http://www.scadasecurity.org
- http://www.theregister.co.uk/2008/01/11/tram_hack/
- http://www.cpni.gov.uk/advice/infosec/business-systems/scada/
- http://news.yahoo.com/s/nm/20110417/ts_nm/us_iran_nuclear_stuxnet_1
- http://www.symantec.com/connect/blogs/stuxnet-breakthrough

27 Stephan Freeman BSc MSc MBCS CITP
Information Security Manager, London School of Economics & Political Science
Secretary, ISSA UK
s.freeman@lse.ac.uk / stephan.freeman@issa-uk.org
Thank You

