
1 STUXNET

2 Summary
- What is Stuxnet?
- Industrial Control Systems
- The target/s of Stuxnet.
- How Stuxnet spreads.
- The impact of Stuxnet on PLCs

3 Stuxnet: Overview
- June 2010: A worm targeting Siemens WinCC industrial control system.
- Targets high speed variable-frequency programmable logic motor controllers from just two vendors: Vacon (Finland) and Fararo Paya (Iran)
- Only when the controllers are running at 807Hz to 1210Hz.
- Makes the frequency of those controllers vary from 1410Hz to 2Hz to 1064Hz.
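As an added example (not part of the original presentation), a monitor that checks independently measured drive-frequency samples against the 807 Hz to 1210 Hz operating band from slide 3 and groups out-of-band samples into excursion events. The sample format, the function and field names, and the `min_samples` noise filter are assumptions, and the telemetry is constructed.

```python
from dataclasses import dataclass

# Operating band from slide 3: the drives of interest run at 807-1210 Hz.
BAND_LOW_HZ = 807.0
BAND_HIGH_HZ = 1210.0


@dataclass
class Excursion:
    start: float   # timestamp of the first out-of-band sample (seconds)
    end: float     # timestamp of the last out-of-band sample (seconds)
    min_hz: float  # lowest frequency seen during the excursion
    max_hz: float  # highest frequency seen during the excursion
    samples: int   # number of consecutive out-of-band samples


def find_excursions(samples, low=BAND_LOW_HZ, high=BAND_HIGH_HZ, min_samples=2):
    """Group consecutive out-of-band (timestamp, hz) samples into excursions.

    min_samples drops single-sample glitches (an assumed noise filter).
    """
    events, current = [], None
    for ts, hz in sorted(samples):
        if low <= hz <= high:
            # Back in band: close any open excursion that is long enough.
            if current and current.samples >= min_samples:
                events.append(current)
            current = None
            continue
        if current is None:
            current = Excursion(ts, ts, hz, hz, 1)
        else:
            current.end = ts
            current.min_hz = min(current.min_hz, hz)
            current.max_hz = max(current.max_hz, hz)
            current.samples += 1
    if current and current.samples >= min_samples:
        events.append(current)
    return events


# Constructed telemetry (seconds, Hz): steady 1064 Hz, one noise spike,
# then the 1410 Hz -> 2 Hz -> 1064 Hz sequence named on the slide.
SAMPLE = [(0, 1064), (60, 1064), (120, 1300), (180, 1064), (240, 1410),
          (300, 1410), (360, 2), (420, 2), (480, 2), (540, 1064)]

if __name__ == "__main__":
    for e in find_excursions(SAMPLE):
        print(f"out of band {e.start}-{e.end}s: {e.min_hz}-{e.max_hz} Hz ({e.samples} samples)")
```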

4 Industrial Control Systems (ICS)
- ICS are operated by specialized assembly-like code on programmable logic controllers (PLCs).
- The PLCs are typically programmed from Windows computers.
- The ICS are not connected to the Internet.
- ICS usually consider availability and ease of maintenance first and security last.

5 Siemens SIMATIC PLCs

6 How it works.
- Transferred through USB sticks. Designed to be spread to non-online machines
- Windows Explorer LNK file exploit
- When scanned, it dropped a large .dll file containing the malicious code onto the computer.
- Uses two stolen certificates to prevent unauthorized-access alarms.
  - Realtek Semiconductors
  - JMicron Technology Corp
  - Both in Taiwan, in close vicinity.

7 How it works cont’d…
- Each time Stuxnet infected a system, it “phoned home” to one of two domains, hosted on servers in Malaysia and Denmark:
  - www.mypremierfutbol.com
  - www.todaysfutbol.com
- Included internal & external IP addresses, OS, and if the machine was running Step 7
- Stuxnet would spread from system to system within a LAN until it found a PLC.
- The original s7otbxdx.dll is responsible for handling PLC block exchange between the programming device and the PLC.
- By replacing this .dll file with its own, Stuxnet is able to perform the following actions:
  - Monitor PLC blocks being written to and read from the PLC.
  - Infect a PLC by inserting its own blocks

8 Stuxnet Overview
- Components used
  - Multiple zero-day exploits
  - Windows rootkit
  - PLC rootkit (first ever)
  - Antivirus evasion
  - Peer-to-peer updates
  - Signed driver with a valid certificate
  - Command and control interface
- Stuxnet consists of a large .dll file
- Designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 systems.

9 PLC Man-in-the-middle Attack

10 Nuclear Centrifuge Technology
- Uranium-235 separation efficiency is critically dependent on the centrifuges’ speed of rotation
- Separation is theoretically proportional to the peripheral speed raised to the 4th power. So any increase in peripheral speed is helpful.
- That implies you need strong tubes, but brute strength isn’t enough: centrifuge designs also run into problems with “shaking” as they pass through naturally resonant frequencies
- “Shaking” at high speed can cause catastrophic failures to occur.
- www.fas.org/programs/ssp/nukes/fuelcycle/centrifuges/engineering.html

11 Wired.com

12 Stuxnet Infection Statistics Infected Hosts 29 September 2010, From Symantec

13 Let’s watch it happen! http://www.youtube.com/watch?v=cf0jlzVCyOI

14 The Targets

