 Stuxnet: The Future of Malware? Stephan Freeman.


Theme
• Systems physically controlling something...
• Getting hacked...
• Disasters averted. Just.
• The reality isn't so different...

Previous Incidents
• 2003: the Slammer worm disables the safety parameter display system at the Davis-Besse nuclear plant in Ohio, US, for about five hours
• 2003: the Blaster worm is suspected of contributing to the August 2003 US blackout (a link the official inquiry later discounted)
• 2000: a disgruntled former contractor in Maroochy Shire, Australia, uses a radio link to access the sewage SCADA system and releases hundreds of thousands of litres of raw sewage
• 2008: a 14-year-old in Lodz, Poland, derails trams after taking over the track points system with a modified infrared remote control
• Many more undisclosed

Previous Incidents
• All either accidental side effects of non-targeted attacks
• Or the work of bored or disgruntled individuals
• Stuxnet signifies something new: malware specifically targeted at a country's physical infrastructure

What is it?
• Windows-based malware, targeting very specific configurations
• Used four zero-day vulnerabilities
• The first process-control-specific malware seen
• Almost certainly state-sponsored
• Possibly an insight into the future of malware

Process Control Systems
• Systems that bridge the digital and the physical world: software decisions become valve positions, motor speeds and switch states
• Several types of components, used in industrial environments (PLCs, DCSs, ...)
• Manufactured by Siemens, GE, ABB, Westinghouse and others
• Often referred to collectively as SCADA systems (Supervisory Control And Data Acquisition)

SCADA
• Controls almost anything, e.g.:
• Traffic signals
• Train signals
• Amusement park rides
• Water processing systems
• Power station generators
• Factory assembly lines
• Electrical substations

Vulnerabilities
• COTS components with known vulnerabilities are used
• Lag between a patch being released and being certified by the vendor for a particular system
• Poorly written OS or TCP/IP stack on individual components
• Lack of understanding of the risk
• Multiple 3rd parties involved in integrating large-scale systems

Stuxnet - Detail
• Targeted Windows PCs connected to Siemens PLCs (specifically the S7-300 and S7-400 series, CPUs 315 and 417)
• Spread via USB sticks and across local networks (not the open Internet), using four Windows zero-day vulnerabilities in total
• Installs itself as a Windows rootkit, with kernel drivers signed using certificates stolen from Realtek and JMicron
• Modified the Step 7 software used to program PLCs by replacing the library it uses to talk to the controller, so that engineers see the original program rather than the injected one
• Installs its own code blocks on the Siemens PLC

What is a PLC?

Stuxnet - Detail
• Once on the PLC, checks whether frequency converter drives from Vacon (Finnish) or Fararo Paya (Iranian) are attached, and only proceeds if there are at least 33 of them
• Checks what frequency they are running at: if they are between 807 Hz and 1210 Hz, it periodically drives them far outside that band (to 1410 Hz, then down to 2 Hz, then 1064 Hz) for short intervals before returning them to normal
• Those frequencies happen to correspond to the speeds needed by gas centrifuges, such as those used in the enrichment of uranium
• The injected code blocks are hidden from the Step 7 software, so an engineer inspecting the controller sees the original program and no sign of the changes
• Stops infecting new machines after 24 June 2012 (a hard-coded cut-off date)
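The two slides above describe a targeting fingerprint (right drive vendors, enough of them, running in the centrifuge band) followed by a sabotage cycle that the controller hides from the operator. The following is an added illustration written for this page, not code from Stuxnet or from any analysis of it: it models that fingerprint and cycle in plain Python, using the vendor ident numbers, drive count, frequency window and setpoints reported in public write-ups of the worm, and pairs it with the defensive check those slides imply, comparing what the controller reports with an independent measurement that never passes through the compromised code path. All drive inventories and sensor readings in the block are constructed sample data.

```python
"""Simplified model of Stuxnet's PLC-side target check and of one defensive control.

Added illustration written for this page, not code from the worm or from any
analysis of it. The constants follow public write-ups of Stuxnet (Symantec's
dossier): Profibus-DP ident numbers 0x7050 (Vacon) and 0x9500 (Fararo Paya),
a minimum of 33 matching drives, an operating window of 807-1210 Hz, and the
sabotage setpoints 1410 Hz, 2 Hz and 1064 Hz. The drive inventories and the
sensor readings below are constructed sample data.
"""
from dataclasses import dataclass

VACON_IDENT = 0x7050        # Vacon drive, Profibus ident number
FARARO_PAYA_IDENT = 0x9500  # Fararo Paya drive, Profibus ident number
TARGET_IDENTS = {VACON_IDENT, FARARO_PAYA_IDENT}
MIN_DRIVES = 33
FREQ_LOW_HZ, FREQ_HIGH_HZ = 807.0, 1210.0
ATTACK_SETPOINTS_HZ = (1410.0, 2.0, 1064.0)


@dataclass(frozen=True)
class Drive:
    ident: int           # vendor/model ident the drive reports on the bus
    frequency_hz: float  # current output frequency


def matching_drives(drives):
    """Drives of the targeted makes running inside the centrifuge frequency band."""
    return [d for d in drives
            if d.ident in TARGET_IDENTS and FREQ_LOW_HZ <= d.frequency_hz <= FREQ_HIGH_HZ]


def is_target(drives):
    """Fingerprint check: the payload fires only for a large cascade of the expected
    drives at the expected speed, and stays dormant on every other PLC it reaches."""
    return len(matching_drives(drives)) >= MIN_DRIVES


def attack_setpoints(drives):
    """Setpoints the payload would push to the drives; empty when the PLC is not a target."""
    return ATTACK_SETPOINTS_HZ if is_target(drives) else ()


def detect_drift(reported_hz, measured_hz, tolerance_hz=5.0):
    """Defensive check: compare the frequency the controller reports to the HMI with an
    independent measurement (motor current or vibration sensors wired past the PLC).
    A compromised controller can misreport its own outputs; it cannot alter a reading
    it never touches. Returns the indices of samples where the two disagree."""
    return [i for i, (r, m) in enumerate(zip(reported_hz, measured_hz))
            if abs(r - m) > tolerance_hz]


def demo():
    """Three constructed drive inventories and one constructed monitoring trace."""
    cascade = [Drive(VACON_IDENT, 1064.0)] * 20 + [Drive(FARARO_PAYA_IDENT, 1064.0)] * 20
    bottling_line = [Drive(0x1234, 50.0)] * 40          # wrong make, mains frequency
    small_cascade = [Drive(VACON_IDENT, 1064.0)] * 10   # right make, too few drives
    # The HMI is told the cascade is steady; the independent sensor sees the cycle.
    reported = [1064.0, 1064.0, 1064.0, 1064.0, 1064.0]
    measured = [1064.0, 1410.0, 1064.0, 2.0, 1064.0]
    return {
        "cascade_is_target": is_target(cascade),
        "bottling_line_is_target": is_target(bottling_line),
        "small_cascade_is_target": is_target(small_cascade),
        "setpoints_sent": attack_setpoints(cascade),
        "drift_samples": detect_drift(reported, measured),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fingerprint is the reason the worm spread to tens of thousands of PCs while doing damage at one site: every check has to pass before a single setpoint is written. The defensive half is the corresponding lesson for operators: once the controller itself is the liar, only a measurement the controller does not mediate can reveal the cycle.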

Target? Iranian uranium enrichment centrifuges, inspected by President Ahmadinejad

Stuxnet - Infections
[Chart: distribution of Stuxnet infections by country, from Symantec]

Impact
• US not affected: very few infections
• Possible (unconfirmed) links to ten large-scale explosions in Iranian oil and petrochemical plants
• Damaged numerous centrifuges at Iran's main uranium enrichment plant at Natanz
• Could have caused "large scale accidents and loss of life" in Iran, according to AP

Why do it?
• Deniability
• Physical distance
• Stealth
• Unclear response

Stuxnet - Author?
• Difficult to tell who wrote it
• Common consensus is that it was state-sponsored
• Required too much technical and target-specific knowledge (Windows zero-days, Siemens PLC internals, centrifuge cascade design) for casual hackers

This may have happened before...
• Pipeline explosion in the former Soviet Union in 1982
• The CIA is alleged to have deliberately sabotaged pipeline control software that the KGB then stole for use on the Trans-Siberian Pipeline
• Supposedly implemented as a logic bomb
• The resulting explosion reportedly had a force of three kilotons of TNT (the account comes from a former US official's memoir and has been disputed)

What does the future hold?
• More targeted attacks
• Private companies on the front line
• Over 30 countries have cyber-warfare programmes
• More hacktivists
• General need to "batten down the hatches"

Who receives targeted attacks?
[Chart: targeted attacks by worldwide industry sector since 2008, and Infosec figures on targeted attacks during 2010]

What can we do?
• Loads of advice available
• Organisations should think hard about the threats they face
• Take a holistic approach, looking at physical security as well as information security
• Accept that it may not be possible to defend networks against a concerted, well-funded attack, and consider keeping the most critical information offline


Stephan Freeman BSc MSc MBCS CITP
Information Security Manager, London School of Economics & Political Science
Secretary, ISSA UK
Thank You