The Stuxnet Worm Jonathan Baulch
What is Stuxnet? • A worm that spreads via USB drives • Exploits previously unknown (zero-day) vulnerabilities in Windows • Carries a Trojan backdoor that looks for specific Siemens software (SIMATIC WinCC / Step 7) and the PLCs it programs
Stuxnet Timeline • June 2009 – Earliest Stuxnet version seen. Lacks many of the complexities of the later versions • January 25, 2010 – Stuxnet driver signed with a valid code-signing certificate belonging to Realtek Semiconductor Corp. • June 17, 2010 – VirusBlokAda (Belarus) reports the worm, naming it RootkitTmphider • July 13, 2010 – Symantec adds detection under the name W32.Temphid
Stuxnet Timeline • July 16, 2010 – VeriSign revokes the Realtek Semiconductor Corp. certificate • July 17, 2010 – ESET identifies a new Stuxnet driver signed with a certificate belonging to JMicron Technology Corp. • July 19, 2010 – Siemens reports it is investigating reports of malware affecting Siemens WinCC SCADA systems
Stuxnet Timeline • August 6, 2010 – Symantec reports how Stuxnet can inject and hide code on a PLC • September 30, 2010 – Symantec presents at Virus Bulletin and releases comprehensive analysis of Stuxnet
Stuxnet Features • Self-replicates through removable drives by exploiting a Windows shortcut (.LNK) parsing vulnerability (CVE-2010-2568, MS10-046): code runs as soon as the drive's contents are displayed, with no AutoRun needed • Spreads within a LAN through a vulnerability in the Windows Print Spooler (CVE-2010-2729, MS10-061) • Copies and executes itself on remote computers through network shares
Stuxnet Features • Copies and executes itself on remote computers running a WinCC database server, logging in with a password hard-coded in the WinCC software • Copies itself into Step 7 project files in such a way that it is loaded automatically whenever the project is opened in Step 7 • Updates itself through a peer-to-peer mechanism within a LAN, so machines with no Internet access still receive new versions
Stuxnet Features • Exploits 4 different zero-day Microsoft vulnerabilities (the two propagation bugs above plus two local privilege escalations) • Contacts a command-and-control server that lets the attacker download and execute further code • Contains a Windows rootkit that hides its binaries
Stuxnet Features • Attempts to evade security products (checks which antivirus is installed and adapts how it injects itself) • Fingerprints a specific industrial control system configuration and modifies code on the Siemens PLCs to sabotage the physical process • Hides the modified code on the PLCs by hooking the Step 7 communication library (s7otbxdx.dll), so that reading the infected blocks back returns the original code
Modifying PLCs • PLC – Programmable Logic Controller • Loaded with blocks of code and data (organization blocks, functions, data blocks) written in languages such as STL or SCL and downloaded from the engineering station • PLCs are small embedded industrial controllers that run automated processes on factory floors and in chemical and nuclear plants, oil refineries, etc. • Because operators only ever see a PLC's program through the engineering software, hooking that software is enough to hide a change to the controller
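The two bullets "modifies code on the Siemens PLCs" and "hides the modified code" describe one mechanism: the engineering station reads blocks through a library, and a hooked library can answer every read with the pre-infection copy. The following toy model is an added example, not Stuxnet code and not from the deck. The PLC, the "library" (two Python callables standing in for the DLL), the block contents, and the injected block name FC1869 are all constructed for illustration; real blocks are compiled MC7 bytecode, not the STL-like strings used here.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed placeholder project in Step 7 block naming (not a real program).
ORIGINAL_PROJECT = {
    "OB1":  "CALL FC1;   // main cycle: read inputs, run process logic",
    "OB35": "CALL FC2;   // 100 ms cyclic interrupt",
    "FC1":  "L IW0; T MW0;",
    "FC2":  "L MW0; T QW0;",
}


@dataclass
class PLC:
    """Minimal stand-in for a controller's block memory (hypothetical)."""
    blocks: dict = field(default_factory=dict)

    def write_block(self, name, code):
        self.blocks[name] = code

    def read_block(self, name):
        return self.blocks[name]

    def list_blocks(self):
        return sorted(self.blocks)


def commission(project=ORIGINAL_PROJECT):
    """Download the clean project to a fresh controller."""
    plc = PLC()
    for name, code in project.items():
        plc.write_block(name, code)
    return plc


class EngineeringStation:
    """The operator never touches the PLC directly: every view of it goes
    through a read/list library. Replacing that library is the rootkit."""

    def __init__(self, plc, read_block, list_blocks):
        self.plc, self._read, self._list = plc, read_block, list_blocks

    def read_block(self, name):
        return self._read(self.plc, name)

    def list_blocks(self):
        return self._list(self.plc)

    def fingerprint(self):
        """SHA-256 over every block the station can see, in list order."""
        h = hashlib.sha256()
        for name in self.list_blocks():
            h.update(name.encode() + b"\0" + self.read_block(name).encode() + b"\0")
        return h.hexdigest()


# Honest library: passes straight through to the controller.
def honest_read(plc, name):
    return plc.read_block(name)


def honest_list(plc):
    return plc.list_blocks()


def infect(plc, injected_name="FC1869"):
    """Patch the PLC, then return a hooked (read, list) pair that hides it."""
    saved = {name: plc.read_block(name) for name in ("OB1", "OB35")}
    plc.write_block(injected_name, "// attacker logic: alter outputs when a condition holds")
    plc.write_block("OB1", f"CALL {injected_name};\n" + saved["OB1"])
    plc.write_block("OB35", f"CALL {injected_name};\n" + saved["OB35"])

    def hooked_read(p, name):
        if name in saved:            # patched blocks read back as the originals
            return saved[name]
        if name == injected_name:    # the injected block "does not exist"
            raise KeyError(name)
        return p.read_block(name)

    def hooked_list(p):
        return [n for n in p.list_blocks() if n != injected_name]

    return hooked_read, hooked_list


def demo():
    plc = commission()
    baseline = EngineeringStation(plc, honest_read, honest_list).fingerprint()

    hooked_read, hooked_list = infect(plc)
    compromised = EngineeringStation(plc, hooked_read, hooked_list)
    # A second station with a clean library, or a read over an independent
    # channel: the only vantage point from which the change is visible.
    out_of_band = EngineeringStation(plc, honest_read, honest_list)

    return {
        "baseline": baseline,
        "via_hooked_library": compromised.fingerprint(),
        "out_of_band": out_of_band.fingerprint(),
        "ob1_as_operator_sees_it": compromised.read_block("OB1"),
        "ob1_actually_running": plc.read_block("OB1"),
        "hidden_block_listed": "FC1869" in compromised.list_blocks(),
    }
```

The point of the fingerprints: an integrity check that reads the PLC through the same library the attacker hooked reproduces the commissioning baseline exactly and reports nothing, while the same check from an unhooked path sees the extra block and the altered OB1. Verification has to come from a vantage point the engineering station's software cannot influence.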
Speculations • It has yet to be discovered who authored the Stuxnet worm and who or what the target was. • A research project that got out of control; there is a history of researchers accidentally releasing worms. • A criminal worm designed to demonstrate the power its authors possess. • A worm released by the U.S. military to scare the government into increasing the cyber-security budget. • Developed by Israel to attack Iran.
Was Iran the target? • Iran was among the countries most affected by the Stuxnet worm. • Iran is currently constructing a nuclear plant at Bushehr, and some experts believe the delays there are a result of Stuxnet. • A report by Siemens control-system expert Ralph Langner says that Stuxnet could cause uranium-enrichment centrifuges to malfunction.
Summary • Stuxnet achieved many firsts in the malicious-code realm • First known malware to exploit four zero-day vulnerabilities • Signed its drivers with two stolen code-signing certificates (Realtek, JMicron) • Injected code into industrial control systems and hid that code from operators
Summary • Many experts call it the most complex malicious software yet seen • Shows that attacks on critical infrastructure are possible outside of Hollywood movies • Given the software's complexity, it is improbable that copycat attacks will be mass-produced
References • Symantec, W32.Stuxnet Dossier – http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf • Schneier on Security, "Stuxnet" – http://www.schneier.com/blog/archives/2010/10/stuxnet.html • CNET, "Details on the first-ever control system malware" – http://news.cnet.com/8301-27080_3-20011159-245.html