Presentation transcript:

Jonathan Baulch

• A worm that spreads via USB drives
• Exploits a previously unknown vulnerability in Windows
• Trojan backdoor that looks for specific software created by Siemens

• June 2009 – Earliest Stuxnet version seen. Lacks many complexities of the later versions
• January 25, 2010 – Stuxnet driver signed with valid certificate from Realtek Semiconductor Corps
• June 17, 2010 – Virusblokada reports W32.Stuxnet named RootkitTmphider
• July 13, 2010 – Symantec adds detection known as W32.Temphid

• July 16, 2010 – Verisign revokes Realtek Semiconductor Corps certificate
• July 17, 2010 – Eset identifies new Stuxnet driver with certificate from JMicron Technology Corp.
• July 19, 2010 – Siemens reports they are investigating reports of malware affecting Siemens WinCC SCADA systems

• August 6, 2010 – Symantec reports how Stuxnet can inject and hide code on a PLC
• September 30, 2010 – Symantec presents at Virus Bulletin and releases comprehensive analysis of Stuxnet

• Self-replicates through removable drives exploiting a vulnerability allowing auto-execution
• Spreads in a LAN through a vulnerability in the Windows Print Spooler
• Copies and executes itself on remote computers through network shares

• Copies and executes itself on remote computers running a WinCC database server
• Copies itself into Step 7 projects in such a way that it automatically loads when Step 7 is run
• Updates itself through a peer-to-peer mechanism within a LAN

• Exploits 4 different zero-day Microsoft vulnerabilities
• Contacts a command and control server that allows a hacker to download and execute code
• Contains a Windows rootkit that hides its binaries

• Attempts to bypass security products
• Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabotage the system
• Hides modified code on PLCs

• PLC – Programmable Logic Controller
  ◦ Loaded with blocks of code and data written using a variety of languages such as STL or SCL
  ◦ PLCs are small embedded industrial control systems that run automated processes on factory floors, chemical and nuclear plants, oil refineries, etc.

• It has yet to be discovered who authored the Stuxnet worm and who/what the target was.
  ◦ Research project that got out of control. There is a history of accidental releases of worms by researchers.
  ◦ Criminal worm designed to demonstrate the power the authors possess.
  ◦ Worm released by the U.S. military to scare the government into increasing the budget for cyber security.
  ◦ Developed by Israel to attack Iran.

• Iran was one of the countries most affected by the Stuxnet worm.
• Iran is currently constructing a nuclear plant in Bushehr, and experts believe the delays have been the result of Stuxnet.
• A report by Siemens expert Ralph Langner says that Stuxnet could easily cause a refinery’s centrifuge to malfunction.

• Stuxnet achieved many things in the malicious code realm
• First to exploit 4 0-day vulnerabilities
• Compromised 2 digital certificates
• Injected code into industrial control systems and hid the code from operators.

• Many experts say it is the most complex malicious software created in the history of cyber security.
• Highlights that it is possible to attack critical infrastructures in places other than Hollywood movies.
• Improbable that copycat attacks will begin to be mass produced, due to the complexity of the software.

• W32.Stuxnet Dossier - net_dossier.pdf
• Schneier on Security -
• Details on the first-ever control system malware - http://news.cnet.com/ _ html