Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010."— Presentation transcript:

1 Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010

2 Stuxnet Background 3 zero-day Windows vulnerabilities leveraged Designed to attack Programmable Logic Controllers (PLCs) – SCADA = supervisory control and data acquisition – Leveraged SIMATIC (Siemens) WinCC/Step 7 control software vulnerabilities – Changes configurations of controlled PLCs Required specific brands of variable-frequency drives (VFD) manufactured in either Finland or Iran

3 Stuxnet Background Exploit Code > 500KB – USB stick distribution – Receives updates from 2 command-and-control servers (since disabled) – Receives updates from peer-to-peer network Sophisticated design, expensive to create – 8 to 10 people – 6 months to write/test

4 Stuxnet Distribution Malware Distribution (by country based on WAN IP) 1.Iran – 60K+ 2.Indonesia – 10K+ 3.India – <10K 4.China – 6M+ (1K business IPs) Target speculation – Iran’s nuclear program – India’s space program

5 Stuxnet Infections (Symantec)

6 Stuxnet Attribution Government? – Israel (Obvious clues within code) – U.S. Funded organization? – Russian contractors for Iran’s nuclear program Criminal? – Sabotage v. Extortion

7 Malware Attribution Challenges Law enforcement entities – Demonstrate financial loss – Nuisance v. criminal activity Private RCA – Risk of incrimination Code source – Who ‘owns’ the botnet? – Who loaded the USB sticks?

8 Sources Bruce Schneier Blog, 7-Oct-2010: http://www.schneier.com/blog/archives/2010/10/stuxnet.h tml http://www.schneier.com/blog/archives/2010/10/stuxnet.h tml Symantec Stuxnet Dossier, v 1.3 (November 2010): http://www.symantec.com/content/en/us/enterprise/medi a/security_response/whitepapers/w32_stuxnet_dossier.pdf http://www.symantec.com/content/en/us/enterprise/medi a/security_response/whitepapers/w32_stuxnet_dossier.pdf Stuxnet: Fact vs. theory, CNET article, 5-Oct-2010: http://news.cnet.com/8301-27080_3-20018530-245.html http://news.cnet.com/8301-27080_3-20018530-245.html Clues emerge about genesis of Stuxnet worm, The Christian Science Monitor, 1-Oct-2010: http://www.csmonitor.com/World/terrorism- security/2010/1001/Clues-emerge-about-genesis-of- Stuxnet-worm http://www.csmonitor.com/World/terrorism- security/2010/1001/Clues-emerge-about-genesis-of- Stuxnet-worm

Download ppt "Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010."

Similar presentations

Computer security Viruses Hacking Backups

Computer security Viruses Hacking Backups
SCADA Security, DNS Phishing

SCADA Security, DNS Phishing
4 Information Security.

4 Information Security.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery.
How Stuxnet Spreads: A Study of Infection Paths in Best Practice Systems Joel Langill Chief Security Officer Eric Byres Chief Technology Officer Andrew.

How Stuxnet Spreads: A Study of Infection Paths in Best Practice Systems Joel Langill Chief Security Officer Eric Byres Chief Technology Officer Andrew.
TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.

TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.
Targeted Cyberattacks: A Superset of Advanced Persistent Threats Published in: Security & Privacy, IEEE (Volume:11, Issue: 1 ), Jan.-Feb. 2013, 54- 61.

Targeted Cyberattacks: A Superset of Advanced Persistent Threats Published in: Security & Privacy, IEEE (Volume:11, Issue: 1 ), Jan.-Feb. 2013,
Rob Gaston 04/04/2013 CIS 150. Cyber Warfare  U.S. government security expert Richard A. Clarke, Cyber War (May 2010): cyber warfare is actions by.

Rob Gaston 04/04/2013 CIS 150. Cyber Warfare  U.S. government security expert Richard A. Clarke, Cyber War (May 2010): "cyber warfare" is "actions by.
HALDEBIQUE Geoffroy ROYER Johan  Crime motivated attacks  Hacktivism  Cyber Warfare.

HALDEBIQUE Geoffroy ROYER Johan  Crime motivated attacks  Hacktivism  Cyber Warfare.
Real world example: Stuxnet Worm. Overview Primary target: industrial control systems –Reprogram Industrial Control Systems (ICS) –On Programmable Logic.

Real world example: Stuxnet Worm. Overview Primary target: industrial control systems –Reprogram Industrial Control Systems (ICS) –On Programmable Logic.
1 Workshop on Research Directions for Security and Networking in Critical Real-Time and Embedded Systems Organizers: NC State University & UNC Chapel Hill.

1 Workshop on Research Directions for Security and Networking in Critical Real-Time and Embedded Systems Organizers: NC State University & UNC Chapel Hill.
Information Security in Higher Education Today Current Threats

Information Security in Higher Education Today Current Threats
Bruce Schneier Lanette Dowell November 25, 2009. Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.

Bruce Schneier Lanette Dowell November 25, Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.
Protecting our Cyber Space Staying Ahead of the Game Basel Alomair National Center for Cybersecurity Technology (C4C) King Abdulaziz City for Science and.

Protecting our Cyber Space Staying Ahead of the Game Basel Alomair National Center for Cybersecurity Technology (C4C) King Abdulaziz City for Science and.
Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.

Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.
Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.

Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.
SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.

SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.
Trust, Safety, & Reliability Part 2 MALICE. Malware Malware: short for “malicious software” Hackers: people who write and deploy malware Worm: program.

Trust, Safety, & Reliability Part 2 MALICE. Malware Malware: short for “malicious software” Hackers: people who write and deploy malware Worm: program.
DATA FORMATS FOR AUTOMATION APPLICATIONS AND PROGRAMMABLE LOGIC CONTROLLER (PLC) 1.

DATA FORMATS FOR AUTOMATION APPLICATIONS AND PROGRAMMABLE LOGIC CONTROLLER (PLC) 1.

Similar presentations

Ads by Google