Lessons from Stuxnet Matthew McNeill. Quick Overview Discovered in July 2011 Sophisticated worm - many zero-day exploits, Siemens programmable logic controller.

Presentation transcript:

Lessons from Stuxnet Matthew McNeill

Quick Overview
- Discovered in July 2011
- Sophisticated worm: many zero-day exploits, Siemens programmable logic controller rootkit, network and removable drive infection, peer-to-peer updates, and a command and control interface
- Injects custom code into Siemens PLC
- Forces PLC to report false values for frequency converter drives and run them at speeds exceeding their capacity
- Most infections in Iran
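The slide's point that the PLC was made to report false drive values while running the drives out of range suggests one defensive check: compare what the PLC reports against a measurement the PLC code path cannot alter. The following is an added example, not part of McNeill's slides; the drive constants, the linear current-to-frequency model and the sample telemetry are all hypothetical, constructed for the example.

```python
"""Plausibility check for frequency-drive telemetry reported by a PLC.

Assumes a PLC that reports drive frequency over its normal interface, and
an independent line-current meter (hypothetical) that the PLC firmware
cannot modify. A rootkit feeding the operator console in-range values
while the drive is actually run beyond its rated band leaves a mismatch
between the two readings, which is what this audit flags.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DriveSample:
    t: int                # seconds since start (constructed)
    reported_hz: float    # frequency the PLC reports to the console
    measured_amps: float  # current from the independent meter


# Hypothetical drive characteristics, chosen for the example only.
RATED_MAX_HZ = 1000.0   # drive's rated maximum frequency
AMPS_PER_HZ = 0.02      # simplified linear current-per-Hz model
TOLERANCE = 0.15        # relative mismatch allowed before alerting


def inferred_hz(amps: float) -> float:
    """Estimate actual drive frequency from the independent current reading."""
    return amps / AMPS_PER_HZ


def check_sample(s: DriveSample) -> list[str]:
    """Return findings for one sample: overspeed and/or reported-vs-measured mismatch."""
    findings = []
    est = inferred_hz(s.measured_amps)
    if est > RATED_MAX_HZ:
        findings.append(f"t={s.t}: inferred {est:.0f} Hz exceeds rated max {RATED_MAX_HZ:.0f} Hz")
    if abs(est - s.reported_hz) > TOLERANCE * max(s.reported_hz, 1.0):
        findings.append(f"t={s.t}: PLC reports {s.reported_hz:.0f} Hz but meter implies {est:.0f} Hz")
    return findings


def audit(samples: list[DriveSample]) -> list[str]:
    """Run the check over a telemetry window and collect all findings."""
    return [f for s in samples for f in check_sample(s)]


# Constructed telemetry: a normal sample, an overspeed sample masked by a
# steady reported value, and a below-reported sample (also masked).
SAMPLES = [
    DriveSample(t=0, reported_hz=900.0, measured_amps=18.0),   # consistent
    DriveSample(t=10, reported_hz=900.0, measured_amps=28.0),  # really ~1400 Hz
    DriveSample(t=20, reported_hz=900.0, measured_amps=8.0),   # really ~400 Hz
]

if __name__ == "__main__":
    for line in audit(SAMPLES):
        print(line)
```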

Some Quotes from Symantec
- "...design documents may have been stolen by an insider..."
- "Attackers would need to setup a mirrored environment..."
- "...six months and five to ten core developers..."
- "...obtain the digital certificates from someone who may have physically entered the premises of the two companies and stole them..."
- "Updates to [the Stuxnet executable] would be propagated throughout the facility through a peer-to-peer network..."

Unanswered Questions
- Who wrote it?
- What was its target?
- Was there an insider?
- How did it enter the network?

Why Stuxnet is important
- Hype aside, Stuxnet is a game changer
- Infrastructure attacks: speculation vs. reality
- Attacks high-value targets via conventional computer attack vectors
- "What it showed was that our current ways of thinking about security are flawed." - David Kennedy, Diebold

Lessons
- Vital systems are not protected by a lack of Internet connection
- Vital systems are not protected by complexity, expense, and proprietary code
- Vital systems are not protected by difficulty of attack
- Infiltration does not have to happen over a network
- Management vs. network security
- Destroy Iran's nuclear program: speculation, but worth considering

Closing Thought
- Duqu: parts nearly identical to Stuxnet
- Information gathering, not sabotage (remote access)
- Communicated with command and control server in India
- Who and why?