Propagation, behavior, and countermeasures

Presentation transcript:

The Stuxnet worm: Propagation, behavior, and countermeasures
By Arsh Tavi

What does it do?
Nothing, if you are an ordinary computer infected by it. But if you are a computer in a nuclear facility, it will cause some serious harm. It will slow down and speed up centrifuges to the point that the uranium they enrich is of poor quality or the centrifuges explode, all while preventing emergency shutdown.

What's the big deal then?
Stuxnet used four zero-day exploits and acts as a rootkit with remote control capabilities
- Task Scheduler (Vista)
- Printer Spool
- Keyboard Layout (XP)
- Removable drive .lnk

- Infected SCADA (Supervisory Control and Data Acquisition) PLCs (Programmable Logic Controllers)
- Infects/reinfects attached computers
- Uses an exploit with a hard-coded database password in Siemens SCADA machines

Why didn’t anyone notice this initially?
- 2 stolen digital certificates (RealTek and JMicron)
- Loads into kernel memory using certificate through drivers
- Allocates memory in Windows/anti-malware process and injects itself in it
- Only harmed centrifuges every 27 days for 15-50 minute intervals

Field Test
(courtesy of Symantec) (files archived by tuts4you)
- Network off
- Win Defender off
- Firewall off
- Did not run on Windows 10

So what can be done to prevent this worm?
- Isolate inner networks and shut off Internet access in nuclear facilities
- Patch operating systems
- Disable autoplay for removable drives
- Use anti-malware software and keep it updated
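
The "disable autoplay for removable drives" item can be verified on a Windows host. The PowerShell below is an added example, not part of the original slides; it only reads the `NoDriveTypeAutoRun` policy value and decodes its bitmask. The function name `Get-AutoRunPolicy` is hypothetical.

```powershell
# Added example: read-only audit of the AutoRun policy for removable drives.
# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
    'Reserved'  = 0x80
}

$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunPolicy {
    param([Parameter(Mandatory)][string]$Key)

    $item = Get-ItemProperty -Path $Key -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: no explicit policy at this key, so report that rather than guess.
        return [pscustomobject]@{ Key = $Key; Value = 'not configured'; RemovableDisabled = $null; DisabledFor = '' }
    }

    # The value is normally a DWORD; some systems store it as binary, so take the first byte.
    $raw = $item.NoDriveTypeAutoRun
    if ($raw -is [byte[]]) { $mask = [int]$raw[0] } else { $mask = [int]$raw }

    # Collect the drive types whose bit is set in the mask.
    $disabled = foreach ($name in $DriveTypeBits.Keys) {
        if ($mask -band $DriveTypeBits[$name]) { $name }
    }

    [pscustomobject]@{
        Key               = $Key
        Value             = '0x{0:X2}' -f $mask
        RemovableDisabled = [bool]($mask -band 0x04)
        DisabledFor       = $disabled -join ', '
    }
}

# Report both the machine-wide and the per-user policy.
$PolicyKeys | ForEach-Object { Get-AutoRunPolicy -Key $_ } | Format-Table -AutoSize
```

A value of `0xFF` sets every bit, which disables AutoRun for all drive types.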

Conclusion
This super-worm was probably made by a state-sponsored group targeting Iran’s nuclear facility, Natanz. It serves as a pinnacle in the development of modern cyber weapons due to its complexity, nature, and the number of zero-day exploits utilized.
Fun fact: The worm is made to self-destruct on June 24, 2012.