Object Oriented Programming and Software Engineering CIS016-2

Presentation transcript:

Object Oriented Programming and Software Engineering CIS016-2
Week 3: Cybersecurity Case Study – STUXNET Worm
Sue Brandreth
24/11/2018

Cyber Warfare
- The STUXNET worm is computer malware which is specifically designed to target industrial control systems for equipment made by Siemens.
- These systems are used in Iran for uranium enrichment
- Enriched uranium is required to make a nuclear bomb
- The aim of the worm was to damage or destroy controlled equipment

What is a Worm?
- Malware that can infect a computer-based system and autonomously spread to other systems without user intervention
- Unlike a virus, no need for a carrier or any explicit user actions to spread the worm

The Target of the Worm?

The STUXNET Worm
- Worm designed to affect SCADA systems and PLC controllers for uranium enrichment centrifuges
- Very specific targeting – only aimed at Siemens controllers for this type of equipment
- It can spread to but does not damage other control systems

Worm Actions
- Takes over operation of the centrifuge from the SCADA controller
- Sends control signals to PLCs managing the equipment
- Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage
- Blocks signals and alarms to control centre from local PLCs
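
An added example, not part of the original slides: a defender-side check for the behaviour listed above, comparing the speed the control centre is shown with an independent sensor reading and flagging rapid swings that raised no alarm. The field names, thresholds and telemetry values are constructed assumptions, not real plant or Stuxnet data.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: float              # seconds since start of capture
    reported_hz: float    # speed the control centre sees via the PLC/SCADA path
    measured_hz: float    # speed from an independent sensor outside that path
    alarm_received: bool  # did any alarm reach the control centre at this time?

def find_anomalies(samples, max_rate_hz_per_s=5.0, max_mismatch_hz=10.0):
    """Return (time, reason) pairs for out-of-band inconsistencies."""
    findings, prev = [], None
    for s in samples:
        # The reported value disagrees with the independent measurement.
        if abs(s.reported_hz - s.measured_hz) > max_mismatch_hz:
            findings.append((s.t, "mismatch"))
        # The measured speed changed faster than the process should allow.
        if prev is not None and s.t > prev.t:
            rate = abs(s.measured_hz - prev.measured_hz) / (s.t - prev.t)
            if rate > max_rate_hz_per_s:
                findings.append((s.t, "rapid-change"))
        prev = s
    return findings

def silent_anomalies(samples, **limits):
    """Times with an anomaly but no alarm at the control centre."""
    alarmed = {s.t for s in samples if s.alarm_received}
    return sorted({t for t, _ in find_anomalies(samples, **limits)} - alarmed)

# Constructed telemetry: the reported speed stays flat while the
# independently measured speed swings, and no alarm is ever received.
SAMPLES = [
    Sample(0, 1000, 1000, False),
    Sample(1, 1000, 1002, False),
    Sample(2, 1000, 1300, False),
    Sample(3, 1000, 700, False),
    Sample(4, 1000, 1001, False),
    Sample(5, 1000, 1000, False),
]

if __name__ == "__main__":
    for t, reason in find_anomalies(SAMPLES):
        print(f"t={t}s {reason}")
    print("no alarm seen at:", silent_anomalies(SAMPLES))
```

The check only helps if the independent sensor and its reporting path do not pass through the PLCs or SCADA hosts being monitored.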

Stuxnet Penetration
- Initially targets Windows systems used to configure the SCADA system
- Uses four different vulnerabilities to affect systems
- Three of these were previously unknown
- So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them.
- Spread can’t be stopped by fixing a single vulnerability

Stuxnet Technology
- Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system.
- Uses a vulnerability in the print system to spread from one machine to another
- Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet

The Myth of the Air Gap
- Centrifuge control systems were not connected to the internet
- Initial infection thought to be through infected USB drives taken into plant by unwitting system operators
- Beware of freebies!

Damage Caused
- It is thought that between 900 and 1000 centrifuges were destroyed by the actions of STUXNET
- This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful
- Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment

Unproven Speculations
- Because of the complexity of the worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran

Unproven Speculations

Unproven Speculations
- Because STUXNET did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development
- There was no intention for the worm to spread beyond Iran
- Other countries with serious infections include India, Indonesia and Azerbaijan

Unproven Speculations
- The STUXNET worm is a multipurpose worm and there are a range of versions with different functionality in the wild
- These use the same vulnerabilities to infect systems but they behave in different ways
- One called Duqu has significantly affected computers, especially in Iran.
- This does not damage equipment but logs keystrokes and sends confidential information to outside servers.

Summary
- STUXNET worm is an early instance of cyber warfare where SCADA controllers were targeted
- Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges
- Used a range of vulnerabilities to infect systems