Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Case Study STUXNET worm

Published byHester Park Modified over 5 years ago

Similar presentations

Presentation on theme: "Cybersecurity Case Study STUXNET worm"— Presentation transcript:

1 Cybersecurity Case Study STUXNET worm

2

3 Cyber-warfare The STUXNET worm is computer malware which is specifically designed to target industrial control systems for equipment made by Siemens. These systems are used in Iran for uranium enrichment Enriched uranium is required to make a nuclear bomb The aim of the worm was to damage or destroy controlled equipment

4 What is a worm? Malware that can infect a computer- based system and autonomously spread to other systems without user intervention Unlike a virus, no need for a carrier or any explicit user actions to spread the worm

5 The target of the worm

6 The STUXNET worm Worm designed to affect SCADA systems and PLC controllers for uranium enrichment centrifuges Very specific targeting – only aimed at Siemens controllers for this type of equipment It can spread to but does not damage other control systems

7

8 Worm actions Takes over operation of the centrifuge from the SCADA controller Sends control signals to PLCs managing the equipment Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage Blocks signals and alarms to control centre from local PLCs

9 Stuxnet penetration Initially targets Windows systems used to configure the SCADA system Uses four different vulnerabilities to affect systems Three of these were previously unknown So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them. Spread can’t be stopped by fixing a single vulnerability

10 Stuxnet technology Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system. Uses a vulnerability in the print system to spread from one machine to another Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet

11 The myth of the air gap Centrifuge control systems were not connected to the internet Initial infection thought to be through infected USB drives taken into plant by unwitting system operators Beware of freebies!

12 Damage caused It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment

13 Unproven speculations
Because of the complexity of the worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran

14

15 Unproven speculations
Because Stuxnet did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development There was no intention for the worm to spread beyond Iran Other countries with serious infections include India, Indonesia and Azerbaijhan

16 Unproven speculations
The Stuxnet worm is a multipurpose worm and there are a range of versions with different functionality in the wild These use the same vulnerabilities to infect systems but they behave in different ways

17 One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers.

18 Summary Stuxnet worm is an early instance of cyberwarfare where SCADA controllers were targeted Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges Used a range of vulnerabilities to infect systems

Download ppt "Cybersecurity Case Study STUXNET worm"

Similar presentations

Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June 2009 512 KB in size First public knowledge July 2010 60% of infected.

Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June KB in size First public knowledge July % of infected.
CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.

CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.
Rob Gaston 04/04/2013 CIS 150. Cyber Warfare  U.S. government security expert Richard A. Clarke, Cyber War (May 2010): cyber warfare is actions by.

Rob Gaston 04/04/2013 CIS 150. Cyber Warfare  U.S. government security expert Richard A. Clarke, Cyber War (May 2010): "cyber warfare" is "actions by.
HALDEBIQUE Geoffroy ROYER Johan  Crime motivated attacks  Hacktivism  Cyber Warfare.

HALDEBIQUE Geoffroy ROYER Johan  Crime motivated attacks  Hacktivism  Cyber Warfare.
Protecting our Cyber Space Staying Ahead of the Game Basel Alomair National Center for Cybersecurity Technology (C4C) King Abdulaziz City for Science and.

Protecting our Cyber Space Staying Ahead of the Game Basel Alomair National Center for Cybersecurity Technology (C4C) King Abdulaziz City for Science and.
Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.

Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.
Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”

Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”
Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.

Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.
Department of Mathematics Computer and Information Science1 Basics of Cyber Security and Computer Forensics Christopher I. G. Lanclos.

Department of Mathematics Computer and Information Science1 Basics of Cyber Security and Computer Forensics Christopher I. G. Lanclos.
STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.

STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.
How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.

How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.
Instilling rigor and imagination in analysis Countering the Iranian Nuclear Threat Stuxnet and its Broader Implications Randolph H. Pherson Mary C. Boardman.

Instilling rigor and imagination in analysis Countering the Iranian Nuclear Threat Stuxnet and its Broader Implications Randolph H. Pherson Mary C. Boardman.
A sophisticated Malware Arpit Singh CPSC 420

A sophisticated Malware Arpit Singh CPSC 420
By: Sharad Sharma, Somya Verma, and Taranjit Pabla.

By: Sharad Sharma, Somya Verma, and Taranjit Pabla.
Jonathan Baulch  A worm that spreads via USB drives  Exploits a previously unknown vulnerability in Windows  Trojan backdoor that looks for a specific.

Jonathan Baulch  A worm that spreads via USB drives  Exploits a previously unknown vulnerability in Windows  Trojan backdoor that looks for a specific.
By Ksenia Primizenkina 8K

By Ksenia Primizenkina 8K

Similar presentations

Ads by Google