SlideShare a Scribd company logo

Stuxnet worm

Download as PPTX, PDF
S
sommerville-videos

The Stuxnet worm was designed to target Siemens industrial control systems used in Iran's uranium enrichment centrifuges. It spread to these systems through infected USB drives and exploited multiple Windows vulnerabilities. It then took control of centrifuges and varied their speeds, damaging around 1,000 centrifuges and slowing Iran's nuclear program. While not intended to spread beyond Iran, it ended up infecting systems in other countries as well through file transfers.

TechnologyBusiness
1 of 18
Cybersecurity Case Study STUXNET worm Stuxnet SCADA attack, 2013 Slide 1
Stuxnet SCADA attack, 2013 Slide 2
Cyber-warfare • The STUXNET worm is computer malware which is specifically designed to target industrial control systems for equipment made by Siemens. • These systems are used in Iran for uranium enrichment – • Enriched uranium is required to make a nuclear bomb The aim of the worm was to damage or destroy controlled equipment Stuxnet SCADA attack, 2013 Slide 3
What is a worm? • Malware that can infect a computerbased system and autonomously spread to other systems without user intervention • Unlike a virus, no need for a carrier or any explicit user actions to spread the worm Stuxnet SCADA attack, 2013 Slide 4
The target of the worm Stuxnet SCADA attack, 2013 Slide 5
The STUXNET worm • Worm designed to affect SCADA systems and PLC controllers for uranium enrichment centrifuges • Very specific targeting – only aimed at Siemens controllers for this type of equipment • It can spread to but does not damage other control systems Stuxnet SCADA attack, 2013 Slide 6
Stuxnet SCADA attack, 2013 Slide 7
Worm actions • Takes over operation of the centrifuge from the SCADA controller • Sends control signals to PLCs managing the equipment • Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage • Blocks signals and alarms to control centre from Stuxnet SCADA attack, 2013 local PLCs Slide 8
Stuxnet penetration • Initially targets Windows systems used to configure the SCADA system • Uses four different vulnerabilities to affect systems – Three of these were previously unknown – So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them. – Spread can’t be stopped by fixing a single vulnerability Stuxnet SCADA attack, 2013 Slide 9
Stuxnet technology • Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system. • Uses a vulnerability in the print system to spread from one machine to another • Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet Stuxnet SCADA attack, 2013 Slide 10
The myth of the air gap • Centrifuge control systems were not connected to the internet • Initial infection thought to be through infected USB drives taken into plant by unwitting system operators – Beware of freebies! Stuxnet SCADA attack, 2013 Slide 11
Damage caused • It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet • This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful • Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment Stuxnet SCADA attack, 2013 Slide 12
Unproven speculations • Because of the complexity of the worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran Stuxnet SCADA attack, 2013 Slide 13
Stuxnet SCADA attack, 2013 Slide 14
Unproven speculations • Because Stuxnet did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development • There was no intention for the worm to spread beyond Iran • Other countries with serious infections include India, Indonesia and Azerbaijhan Stuxnet SCADA attack, 2013 Slide 15
Unproven speculations • The Stuxnet worm is a multipurpose worm and there are a range of versions with different functionality in the wild • These use the same vulnerabilities to infect systems but they behave in different ways Stuxnet SCADA attack, 2013 Slide 16
• One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers. Stuxnet SCADA attack, 2013 Slide 17
Summary • Stuxnet worm is an early instance of cyberwarfare where SCADA controllers were targeted • Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges • Used a range of vulnerabilities to infect systems Stuxnet SCADA attack, 2013 Slide 18

Recommended

Stuxnet
StuxnetStuxnet
Stuxnet
Shishir Aryal
 
Stuxnet - Case Study
Stuxnet - Case StudyStuxnet - Case Study
Stuxnet - Case Study
Amr Thabet
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.
Hardeep Bhurji
 
Stuxnet flame
Stuxnet flameStuxnet flame
Stuxnet flame
Santosh Khadsare
 
Stuxnet
StuxnetStuxnet
Stuxnet
Symantec
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
Gil Megidish
 

Recommended

Stuxnet
StuxnetStuxnet
Stuxnet
Shishir Aryal
 
Stuxnet - Case Study
Stuxnet - Case StudyStuxnet - Case Study
Stuxnet - Case Study
Amr Thabet
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.
Hardeep Bhurji
 
Stuxnet flame
Stuxnet flameStuxnet flame
Stuxnet flame
Santosh Khadsare
 
Stuxnet
StuxnetStuxnet
Stuxnet
Symantec
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
Gil Megidish
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
Lionel Faleiro
 
Cyber security and Hacking
Cyber security and HackingCyber security and Hacking
Cyber security and Hacking
Parth Makadiya
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Malware
MalwareMalware
Malware
Anoushka Srivastava
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
Allan Pratt MBA
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
kelsports
 
Cyber security
Cyber securityCyber security
Cyber security
Bhavin Shah
 
Ransomware
RansomwareRansomware
Ransomware
Akshita Pillai
 
Malware classification and detection
Malware classification and detectionMalware classification and detection
Malware classification and detection
Chong-Kuan Chen
 
Malware and security
Malware and securityMalware and security
Malware and security
Gurbakash Phonsa
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
Cleverence Kombe
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - Stuxnet
Sean Xie
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
Ankita Ganguly
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
sadique_ghitm
 
The Stuxnet Virus FINAL
The Stuxnet Virus FINALThe Stuxnet Virus FINAL
The Stuxnet Virus FINAL
Nicholas Poole
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
Iftach Ian Amit
 

More Related Content

What's hot

Cyber threats
Cyber threatsCyber threats
Cyber threats
kelsports
 
Malware classification and detection
Malware classification and detectionMalware classification and detection
Malware classification and detection
Chong-Kuan Chen
 

What's hot (20)

Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
 
Cyber security and Hacking
Cyber security and HackingCyber security and Hacking
Cyber security and Hacking
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Malware
MalwareMalware
Malware
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
 
Cyber security
Cyber securityCyber security
Cyber security
 
Ransomware
RansomwareRansomware
Ransomware
 
Malware classification and detection
Malware classification and detectionMalware classification and detection
Malware classification and detection
 
Malware and security
Malware and securityMalware and security
Malware and security
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - Stuxnet
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Cyber security
Cyber securityCyber security
Cyber security
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 

Viewers also liked

The Stuxnet Virus FINAL
The Stuxnet Virus FINALThe Stuxnet Virus FINAL
The Stuxnet Virus FINAL
Nicholas Poole
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
Ian Sommerville
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
INSIGHT FORENSIC
 
How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systems
Yury Chemerkin
 
Useful facts
Useful factsUseful facts
Useful facts
bc dalai
 

Viewers also liked (20)

The Stuxnet Virus FINAL
The Stuxnet Virus FINALThe Stuxnet Virus FINAL
The Stuxnet Virus FINAL
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
 
Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
TrustDavis on ethereum
TrustDavis on ethereumTrustDavis on ethereum
TrustDavis on ethereum
 
Stuxnet - A weapon of the future
Stuxnet - A weapon of the futureStuxnet - A weapon of the future
Stuxnet - A weapon of the future
 
How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systems
 
Conficker
ConfickerConficker
Conficker
 
Stuxnet
StuxnetStuxnet
Stuxnet
 
1
11
1
 
Hedly
HedlyHedly
Hedly
 
CMIS 320 RESEARCH PAPER
CMIS 320 RESEARCH PAPERCMIS 320 RESEARCH PAPER
CMIS 320 RESEARCH PAPER
 
Entrevista Hector Robles revista MED PLUS n99
Entrevista Hector Robles revista MED PLUS n99Entrevista Hector Robles revista MED PLUS n99
Entrevista Hector Robles revista MED PLUS n99
 
Useful facts
Useful factsUseful facts
Useful facts
 
CMIT 321 WEEK 2 QUIZ
CMIT 321 WEEK 2 QUIZCMIT 321 WEEK 2 QUIZ
CMIT 321 WEEK 2 QUIZ
 
Chapter 8
Chapter 8Chapter 8
Chapter 8
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2
 

Similar to Stuxnet worm

SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA Presentation
Eric Favetta
 
Optional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet DossierOptional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet Dossier
Alireza Ghahrood
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...
nithinreddykaithi
 
Scada, a PLC's story
Scada, a PLC's storyScada, a PLC's story
Scada, a PLC's story
Paolo Stagno
 

Similar to Stuxnet worm (20)

CPS - Week 1.pptx
CPS - Week 1.pptxCPS - Week 1.pptx
CPS - Week 1.pptx
 
Introducing scada
Introducing scadaIntroducing scada
Introducing scada
 
Scada security
Scada securityScada security
Scada security
 
SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA Presentation
 
SCADA White Paper March2012
SCADA White Paper March2012SCADA White Paper March2012
SCADA White Paper March2012
 
Optional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet DossierOptional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet Dossier
 
Stuxnets
StuxnetsStuxnets
Stuxnets
 
SCADA Systems and its security!
SCADA Systems and its security!SCADA Systems and its security!
SCADA Systems and its security!
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
20320140501016
2032014050101620320140501016
20320140501016
 
Detect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection SystemDetect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection System
 
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSEnhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scada
 
Review on Honeypot Security
Review on Honeypot SecurityReview on Honeypot Security
Review on Honeypot Security
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Cyber-security of smart grids
Cyber-security of smart gridsCyber-security of smart grids
Cyber-security of smart grids
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...
 
Scada, a PLC's story
Scada, a PLC's storyScada, a PLC's story
Scada, a PLC's story
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for Utilities
 

More from sommerville-videos

System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
sommerville-videos
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
sommerville-videos
 

More from sommerville-videos (20)

Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
User stories
User storiesUser stories
User stories
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
Why se script
Why se scriptWhy se script
Why se script
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Stuxnet worm

  • 1. Cybersecurity Case Study STUXNET worm Stuxnet SCADA attack, 2013 Slide 1
  • 2. Stuxnet SCADA attack, 2013 Slide 2
  • 3. Cyber-warfare • The STUXNET worm is computer malware which is specifically designed to target industrial control systems for equipment made by Siemens. • These systems are used in Iran for uranium enrichment – • Enriched uranium is required to make a nuclear bomb The aim of the worm was to damage or destroy controlled equipment Stuxnet SCADA attack, 2013 Slide 3
  • 4. What is a worm? • Malware that can infect a computerbased system and autonomously spread to other systems without user intervention • Unlike a virus, no need for a carrier or any explicit user actions to spread the worm Stuxnet SCADA attack, 2013 Slide 4
  • 5. The target of the worm Stuxnet SCADA attack, 2013 Slide 5
  • 6. The STUXNET worm • Worm designed to affect SCADA systems and PLC controllers for uranium enrichment centrifuges • Very specific targeting – only aimed at Siemens controllers for this type of equipment • It can spread to but does not damage other control systems Stuxnet SCADA attack, 2013 Slide 6
  • 7. Stuxnet SCADA attack, 2013 Slide 7
  • 8. Worm actions • Takes over operation of the centrifuge from the SCADA controller • Sends control signals to PLCs managing the equipment • Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage • Blocks signals and alarms to control centre from Stuxnet SCADA attack, 2013 local PLCs Slide 8
  • 9. Stuxnet penetration • Initially targets Windows systems used to configure the SCADA system • Uses four different vulnerabilities to affect systems – Three of these were previously unknown – So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them. – Spread can’t be stopped by fixing a single vulnerability Stuxnet SCADA attack, 2013 Slide 9
  • 10. Stuxnet technology • Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system. • Uses a vulnerability in the print system to spread from one machine to another • Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet Stuxnet SCADA attack, 2013 Slide 10
  • 11. The myth of the air gap • Centrifuge control systems were not connected to the internet • Initial infection thought to be through infected USB drives taken into plant by unwitting system operators – Beware of freebies! Stuxnet SCADA attack, 2013 Slide 11
  • 12. Damage caused • It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet • This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful • Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment Stuxnet SCADA attack, 2013 Slide 12
  • 13. Unproven speculations • Because of the complexity of the worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran Stuxnet SCADA attack, 2013 Slide 13
  • 14. Stuxnet SCADA attack, 2013 Slide 14
  • 15. Unproven speculations • Because Stuxnet did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development • There was no intention for the worm to spread beyond Iran • Other countries with serious infections include India, Indonesia and Azerbaijhan Stuxnet SCADA attack, 2013 Slide 15
  • 16. Unproven speculations • The Stuxnet worm is a multipurpose worm and there are a range of versions with different functionality in the wild • These use the same vulnerabilities to infect systems but they behave in different ways Stuxnet SCADA attack, 2013 Slide 16
  • 17. • One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers. Stuxnet SCADA attack, 2013 Slide 17
  • 18. Summary • Stuxnet worm is an early instance of cyberwarfare where SCADA controllers were targeted • Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges • Used a range of vulnerabilities to infect systems Stuxnet SCADA attack, 2013 Slide 18