STUXNET

Summary
- What is Stuxnet?
- Industrial Control Systems
- The target/s of Stuxnet.
- How Stuxnet spreads.
- The impact of Stuxnet on PLCs

Stuxnet: Overview
- June 2010: A worm targeting the Siemens WinCC industrial control system.
- Targets high-speed variable-frequency programmable logic motor controllers from just two vendors: Vacon (Finland) and Fararo Paya (Iran).
- Only when the controllers are running at 807Hz to 1210Hz.
- Makes the frequency of those controllers vary from 1410Hz to 2Hz to 1064Hz.
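The frequency figures on this slide translate directly into a monitoring rule. The following is an added example, not part of the original presentation: it groups drive-frequency readings that leave the 807Hz to 1210Hz band into excursion events. It assumes the readings come from a sensor path that does not pass through the PLC programming workstation and that the drive is in steady-state operation; the sample telemetry is constructed.

```python
from dataclasses import dataclass

# Operating band named on the slide (Hz).
BAND_LOW_HZ = 807.0
BAND_HIGH_HZ = 1210.0


@dataclass
class Excursion:
    start: int      # timestamp of the first out-of-band sample
    end: int        # timestamp of the last out-of-band sample
    min_hz: float
    max_hz: float


def _summarise(run):
    freqs = [hz for _, hz in run]
    return Excursion(run[0][0], run[-1][0], min(freqs), max(freqs))


def find_excursions(samples, low=BAND_LOW_HZ, high=BAND_HIGH_HZ, min_samples=2):
    """Group consecutive out-of-band readings into excursion events.

    samples: iterable of (timestamp, frequency_hz) pairs.
    min_samples: runs shorter than this are treated as sensor glitches.
    """
    events, run = [], []
    for ts, hz in samples:
        if low <= hz <= high:
            if len(run) >= min_samples:
                events.append(_summarise(run))
            run = []
        else:
            run.append((ts, hz))
    if len(run) >= min_samples:      # excursion still open at end of data
        events.append(_summarise(run))
    return events


# Constructed telemetry: steady 1064 Hz, a 1410 Hz excursion, recovery,
# a one-sample glitch, then a collapse to 2 Hz.
SAMPLES = [
    (0, 1064.0), (1, 1064.0), (2, 1410.0), (3, 1410.0), (4, 1410.0),
    (5, 1064.0), (6, 1300.0), (7, 1064.0), (8, 2.0), (9, 2.0), (10, 1064.0),
]

if __name__ == "__main__":
    for event in find_excursions(SAMPLES):
        print(event)
```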

Industrial Control Systems (ICS)
- ICS are operated by specialized assembly-like code on programmable logic controllers (PLCs).
- The PLCs are typically programmed from Windows computers.
- The ICS are not connected to the Internet.
- ICS usually consider availability and ease of maintenance first and security last.

Siemens SIMATIC PLCs

How it works
- Transferred through USB sticks.
- Designed to be spread to non-online machines.
- Windows Explorer LNK file exploit.
- When scanned, it dropped a large .dll file containing the malicious code onto the computer.
- Uses two stolen certificates to prevent unauthorized-access alarms:
  - Realtek Semiconductors
  - JMicron Technology Corp
  - Both in Taiwan, in close vicinity.

How it works cont’d…
- Each time Stuxnet infected a system, it “phoned home” to one of two domains hosted on servers in Malaysia and Denmark.
- The message included internal and external IP addresses, the OS, and whether the machine was running Step 7.
- Stuxnet would spread from system to system within a LAN until it found a PLC.
- The original s7otbxdx.dll is responsible for handling PLC block exchange between the programming device and the PLC.
- By replacing this .dll file with its own, Stuxnet is able to perform the following actions:
  - Monitor PLC blocks being written to and read from the PLC.
  - Infect a PLC by inserting its own blocks.
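Because the replaced s7otbxdx.dll sits on the block exchange path, a block listing read through the engineering workstation cannot be trusted by itself. The following is an added example, not part of the original presentation: it compares a commissioning baseline, the workstation's view, and a view read over an independent path. The block names, contents, and the assumption that the tampered path reports the clean project are all constructed for illustration.

```python
import hashlib


def inventory(blocks):
    """Map block name -> SHA-256 of the block's bytes."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in blocks.items()}


def compare_views(baseline, workstation, independent):
    """Compare three inventories of the same PLC.

    baseline    : recorded when the project was commissioned
    workstation : read back through the engineering workstation
    independent : read back over a path that bypasses that workstation
    """
    inserted = sorted(set(independent) - set(baseline))
    modified = sorted(n for n in set(baseline) & set(independent)
                      if baseline[n] != independent[n])
    # If the two read paths disagree on a block, one of them is misreporting.
    names = set(workstation) | set(independent)
    disagree = sorted(n for n in names
                      if workstation.get(n) != independent.get(n))
    return {"inserted": inserted, "modified": modified, "views_disagree": disagree}


# Constructed block contents. The prefixes follow Step 7 block types
# (OB, FC, DB); the numbers and bytes are invented for this example.
CLEAN = {"OB1": b"main cycle", "FC10": b"drive control", "DB5": b"setpoints"}
ON_PLC = {"OB1": b"injected call; main cycle", "FC10": b"drive control",
          "DB5": b"setpoints", "FC900": b"injected logic",
          "DB900": b"injected data"}

BASELINE = inventory(CLEAN)
# Assumption: the tampered read path shows the original project.
WORKSTATION_VIEW = inventory(CLEAN)
INDEPENDENT_VIEW = inventory(ON_PLC)

RESULT = compare_views(BASELINE, WORKSTATION_VIEW, INDEPENDENT_VIEW)

if __name__ == "__main__":
    for key, names in RESULT.items():
        print(key, names)
```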

Stuxnet Overview
- Components used:
  - Multiple zero-day exploits
  - Windows rootkit
  - PLC rootkit (first ever)
  - Antivirus evasion
  - Peer-to-peer updates
  - Signed driver with a valid certificate
  - Command and control interface
- Stuxnet consists of a large .dll file.
- Designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 systems.

PLC Man-in-the-middle Attack

Nuclear Centrifuge Technology
- Uranium-235 separation efficiency is critically dependent on the centrifuges’ speed of rotation.
- Separation is theoretically proportional to the peripheral speed raised to the 4th power, so any increase in peripheral speed is helpful.
- That implies you need strong tubes, but brute strength isn’t enough: centrifuge designs also run into problems with “shaking” as they pass through naturally resonant frequencies.
- “Shaking” at high speed can cause catastrophic failures to occur.

Wired.com

Stuxnet Infection Statistics: Infected Hosts, 29 September 2010 (from Symantec)

Let’s watch it happen!

The Targets