Presentation is loading. Please wait.

Presentation is loading. Please wait.

Propagation, behavior, and countermeasures

Published byKatja Auttenberg Modified over 5 years ago

Similar presentations

Presentation on theme: "Propagation, behavior, and countermeasures"— Presentation transcript:

1 Propagation, behavior, and countermeasures
The Stuxnet worm Propagation, behavior, and countermeasures By Arsh Tavi

2 What does it do? Nothing, if you are an ordinary computer infected by it. But if you are a computer in a nuclear facility, it will cause some serious harm. It will slow down and speed up centrifuges to the point that uranium enriched by them is either in poor quality or the centrifuges explode, all while preventing emergency shutdown.

3 What's the big deal then? Stuxnet used four zero-day exploits and acts as a rootkit with remote control capabilities Task Scheduler (Vista) Printer Spool Keyboard Layout (XP) Removable drive .lnk

4 Infected SCADA (Supervisory control and data acquisition) PLC’s (Programmable Logic Controller)
Infects/reinfects attached computers Uses an exploit with a hard-coded database password in Siemens SCADA machines

5 Why didn’t anyone notice this initially?
2 stolen digital certificates (RealTek and JMicron) Loads into Kernel memory using certificate through drivers Allocates memory in Windows/Anti-malware process and injects itself in it Only harmed centrifuges every 27 days for minute intervals

6 Field Test Network off Win Defender off Firewall off
(courtesy of Symantec) (files archived by tuts4you) Network off Win Defender off Firewall off Did not run on Windows 10

7 So what can be done to prevent this worm?
Isolate inner networks and shut off Internet access in nuclear facilities Patch operating systems Disable autoplay for removable drives Use anti-malware software and keep it updated

8 Fun fact: The worm is made to self-destruct on June 24 - 2012
Conclusion This super-worm was probably made by a state-sponsored group targeting Iran’s nuclear facility, Natanz. It serves as a pinnacle in the development of modern cyber weapons due to its complexity, nature, and the amount of zero-day exploits utilized. Fun fact: The worm is made to self-destruct on June

Download ppt "Propagation, behavior, and countermeasures"

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Computer security Viruses Hacking Backups

Computer security Viruses Hacking Backups
Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June 2009 512 KB in size First public knowledge July 2010 60% of infected.

Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June KB in size First public knowledge July % of infected.
Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.

Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
How Stuxnet Spreads: A Study of Infection Paths in Best Practice Systems Joel Langill Chief Security Officer Eric Byres Chief Technology Officer Andrew.

How Stuxnet Spreads: A Study of Infection Paths in Best Practice Systems Joel Langill Chief Security Officer Eric Byres Chief Technology Officer Andrew.
Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.

Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.
CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.

CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.
Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.

Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.
Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”

Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”
Worms By: Aaron Stahler. Difference Between a Worm and A Virus Viruses are computer programs that are designed to spread themselves from one file to another.

Worms By: Aaron Stahler. Difference Between a Worm and A Virus Viruses are computer programs that are designed to spread themselves from one file to another.
Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.

Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.
SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.

SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Malware Fundamentals POLITEHNICA University of Bucharest 14 th of January 2015 Ionuţ – Daniel BARBU.

Malware Fundamentals POLITEHNICA University of Bucharest 14 th of January 2015 Ionuţ – Daniel BARBU.
STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.

STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
Advanced Persistent Threats CS461/ECE422 Spring 2012.

Advanced Persistent Threats CS461/ECE422 Spring 2012.
How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.

How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.
Stuxnet The first cyber weapon.

Stuxnet The first cyber weapon.

Similar presentations

Ads by Google