Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.


Stuxnet Background
3 zero-day Windows vulnerabilities leveraged
Designed to attack Programmable Logic Controllers (PLCs)
  – SCADA = supervisory control and data acquisition
  – Leveraged SIMATIC (Siemens) WinCC/Step 7 control software vulnerabilities
  – Changes configurations of controlled PLCs
Required specific brands of variable-frequency drives (VFD) manufactured in either Finland or Iran

Stuxnet Background
Exploit Code > 500KB
  – USB stick distribution
  – Receives updates from 2 command-and-control servers (since disabled)
  – Receives updates from peer-to-peer network
Sophisticated design, expensive to create
  – 8 to 10 people
  – 6 months to write/test

Stuxnet Distribution
Malware Distribution (by country based on WAN IP)
  1. Iran – 60K+
  2. Indonesia – 10K+
  3. India – <10K
  4. China – 6M+ (1K business IPs)
Target speculation
  – Iran’s nuclear program
  – India’s space program

Stuxnet Infections (Symantec)

Stuxnet Attribution
Government?
  – Israel (Obvious clues within code)
  – U.S. Funded organization?
  – Russian contractors for Iran’s nuclear program
Criminal?
  – Sabotage v. Extortion

Malware Attribution Challenges
Law enforcement entities
  – Demonstrate financial loss
  – Nuisance v. criminal activity
Private RCA
  – Risk of incrimination
Code source
  – Who ‘owns’ the botnet?
  – Who loaded the USB sticks?

Sources
Bruce Schneier Blog, 7-Oct-2010: tml
Symantec Stuxnet Dossier, v 1.3 (November 2010): a/security_response/whitepapers/w32_stuxnet_dossier.pdf
Stuxnet: Fact vs. theory, CNET article, 5-Oct-2010:
Clues emerge about genesis of Stuxnet worm, The Christian Science Monitor, 1-Oct-2010: security/2010/1001/Clues-emerge-about-genesis-of-Stuxnet-worm