NEXT GENERATION ATTACKS & EXPLOIT MITIGATIONS TECHNIQUES ID No: 1071 Name: Karthik GK ID: College: Sathyabama university.

Dept.: Electronics and Communication, CEC, Batch: Aug 2012. Topic: STUXNET

What is Stuxnet? Stuxnet is a highly sophisticated computer worm that spreads via Microsoft Windows and targets Siemens industrial software and equipment. It was built for industrial sabotage and was the first malware ever to include a programmable logic controller (PLC) rootkit.

Making of Stuxnet It was initially rumored that it was designed by the Israelis or the Americans, but later reports confirmed the involvement of both countries, making it a joint operation under the code name “Operation Olympic Games”.

Discovery of Stuxnet The worm was first identified by the security company VirusBlokAda in mid-June 2010. Its name is derived from keywords discovered in the software. Its discovery at this time is attributed to the worm accidentally spreading beyond its intended target (the Natanz plant) because of a programming error introduced in an update.

First Infection: Enterprise Computer
An employee receives project files from an offsite contractor on a USB flash drive.
The infected USB drive is inserted into the computer.
Even though the computer is fully patched and current with anti-virus signatures, the worm installs successfully.
A rootkit is installed to hide its files.
It attempts a connection to the C&C server for updates.
It infects any new USB flash drive inserted into the computer.

Propagation on Networks
Enterprise Network: Rapidly spreads to print servers and file servers within hours of the initial infection.
Perimeter Network: Infects the Web Navigation Server’s WinCC SQL Server. Infects STEP 7 project files used in the Web Navigation Server’s Terminal Services feature. Infects other Windows hosts on the subnet, such as WSUS, ADS and AVS.

How it infects the system
Infected Removable Media:
1. Exploits a vulnerability in the Windows Shell handling of .lnk files (0-day)
2. Uses an older vulnerability in autorun.inf to propagate
Local Area Network Communications:
3. Copies itself to accessible network shares, including administrative shares
4. Copies itself to print servers (0-day)
5. Uses the “Conficker” vulnerability in RPC
Infected Siemens Project Files:
6. Installs itself in the WinCC SQL Server database via known credentials
7. Copies itself into STEP7 project files
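Added example, not part of the presentation: a small removable-media check that inspects an autorun.inf (the propagation path in item 2 above) the way a defender's USB policy might, flagging keys that would auto-launch a program and an action label that mimics the Windows AutoPlay folder entry. The sample file contents are constructed for this example.

```python
"""Inspect an autorun.inf and report entries that would launch code or
mislead the user when a removable drive is opened. Added example; the
sample autorun.inf below is constructed, not taken from real malware."""
import re

# Keys whose value names a program or command to run when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Label Windows itself shows for a plain storage device in the AutoPlay dialog;
# an 'action=' string copying it disguises the launch as the normal folder view.
BUILTIN_LABEL = "open folder to view files"


def parse_autorun(text):
    """Lenient parse, like the Windows parser: keep only key=value lines inside
    an [autorun] section and ignore lines that fit neither pattern."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text):
    """Return findings for entries that would run code or mislead the user;
    an empty list means the file only sets a label or icon."""
    findings = []
    for key, value in parse_autorun(text).items():
        if LAUNCH_KEY.match(key):
            findings.append(f"{key}= would run '{value}'")
        elif key == "action" and value.strip('"').lower() == BUILTIN_LABEL:
            findings.append("action= mimics the built-in AutoPlay folder label")
    return findings


# Constructed sample: junk lines sit between the real keys, yet the lenient
# parser (and Windows) still honour the keys that launch the payload.
SAMPLE_INF = """[autorun]
;;;; comment line that the parser skips ;;;;
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
junk line without an equals sign
open=RECYCLER\\setup.exe
shell\\open\\command=RECYCLER\\setup.exe
"""

if __name__ == "__main__":
    for finding in assess_autorun(SAMPLE_INF):
        print("FLAG:", finding)
```

A drive whose autorun.inf produces any finding would be quarantined rather than mounted under such a policy; disabling AutoRun host-wide removes the path regardless of file contents.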

How it infects the system
All Windows Hosts
◦ Installs rootkit and loader
◦ Creates configuration and data files
◦ Propagates to other potential hosts
Siemens PCS7 STEP7 Hosts
◦ Wraps the S7 device OS driver (MitM + PLC rootkit)
◦ Looks for specific PLC models
 Infects S7 project files
 PROFIBUS driver replaced
Siemens PCS7 WinCC Hosts
◦ Infects WinCC SQL Server database files
Target System
◦ Injects 1 of 3 different payloads into the PLC

Stuxnet & India In mid-July 2010 the National Technical Research Organization (NTRO) estimated that 10,000 computers in India were infected, of which 15 were located at so-called 'critical infrastructure' facilities, including the Gujarat and Haryana electricity boards and an ONGC offshore oil rig. While the flaw caused Stuxnet to reach these computers, thankfully it did not activate itself on them. In other words, India was only a few flawed lines of code away from having its power and oil sectors crippled.

What can we do? Short-Term
Complete prevention is not realistic
Provide additional protection around high-risk assets
Focus on the complete life-cycle of a cyber breach
Escalate advanced attacks to national authorities
Contain the attack to minimize consequences
Deploy, operate & maintain ICS-appropriate advanced security technologies & practices
◦ Whitelisting
◦ Advanced Firewalls
◦ Unidirectional Gateways
◦ Intrusion Detection
◦ SIEM / Log Analysis
◦ Compliance Managers

What can we do? Long-Term
Current best practices need improvement
Improve content inspection of ICS protocols
Hardware-based security, not software

STUXNET Thank you for attending.