Stuxnet and Operation Olympic Games - PDF

Summary

This presentation describes Stuxnet, a sophisticated piece of malware. It details the characteristics, components, and the vulnerabilities exploited by Stuxnet. It also covers the operational facts surrounding the malware, including geographical locations and its impact on industrial control systems.

Full Transcript

Chapter 2 – Part 2 APT –  Stuxnet, Duqo, and Flame are the three most famous cyber attacks that nations inflicted on other nations Nation-  We will focus on the some of the most interesting States capabilities and implications for these worms  Stuxnet is a w...

Chapter 2 – Part 2 APT –  Stuxnet, Duqo, and Flame are the three most famous cyber attacks that nations inflicted on other nations Nation-  We will focus on the some of the most interesting States capabilities and implications for these worms  Stuxnet is a win32 worm that targeted industrial control systems – specifically Siemens systems that are used in nuclear power plants. Stuxnet and  It was the first malware to be discovered in what was believed to be a series of nation-state sponsored Operation cyber-attacks, and one of the few pieces of software that have had a very tangible impact Olympic  It caused the destruction of physical hardware in the Games form of uranium-enriching centrifuges.  Stuxnet was originally discovered around June 2010, however, evidence of infections actually dates back to at least one year earlier in June 2009  Some of the Stuxnet malware components are shown in Figure 2-3 page 38 of the book  Stuxnet was and is very technically advanced and unique  It was fairly large at 500kb (half megabyte), with Stuxnet different attacks Specificatio  Stuxnet used four Windows Zero-Day vulnerabilities  The fact that non of the exploits took advantage of ns memory corruption vulnerabilities, which means the exploits were 100 percent reliable and 100 percent effective against vulnerable systems  The creator of Stuxnet never had to worry about a target machine crashing or freezing which made the attacks extremely stealthy and reliable.  Zero-Day Exploit 1: Vulnerability in the processing of LNK (shortcut) files that would allow an arbitrary dynamic link library (DLL) to be executed. This DLL would be executed in the security context of the current user and was loaded from an infected USB  Zero-Day Exploit 2: A privilege escalation vulnerability The Four in the task scheduler that only affected Windows Windows Vista. 
This could allow code to execute as Local System Vulnerabiliti  Zero-Day Exploit: A privilege escalation vulnerability es Exploited in keyboard layout files that only Windows XP. This could allow code to execute as Local System  Zero-Day Exploit 4: A remote exploit that used the print spooler subsystem to send the Stuxnet virus to peers on the network  The author of the Stuxnet have a huge stockpile of Zero-Day exploits to choose from and selected the ones that met their exact requirements  Stuxnet also included rootkits to conceal its existence, which were digitally signed by legitimate Facts certificates.  The device drivers were signed using legitimate certificates that were stolen from JMicron and Realtek. Both of these companies are located at the Hsinchu Science Park in Taiwan.  The Stuxnet virus originally reported to two command and control servers in Malaysia and Denmark.  The servers would allow the virus to send data back to the authors as well receive updates and Operational instructions. These global points of interest include: Facts  Malware authors in United States and Israel  Nantaz plant in Iran  Command and Control Servers in Denmark and Malaysia  Stolen Certificates from Taiwan  The Stuxnet virus targeted specific Siemens SCADA ( Supervisory Control and Data Acquisition) are Operational computer systems that control and monitor industrial equipment such as power management and utility Facts systems. See figure 2-1 page 40 in the book
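The first of the four zero-days above is the one a defender can look for on disk: the shortcut itself carried the reference to the DLL that Explorer ended up loading from the USB stick. The Python script below is an added example for this page, not code from the slides or from the book. It parses the fixed ShellLinkHeader of a .lnk file, walks the LinkTargetIDList that follows it, and flags any shortcut whose item IDs embed a path ending in ".dll", so that shortcuts arriving on removable media can be triaged before anything renders them. The header layout (76-byte header, LinkCLSID, the HasLinkTargetIDList flag bit) follows the public MS-SHLLINK format; the rule that a DLL path inside the ID list is suspicious is an assumption made for this example rather than something the page states, and the two sample shortcuts, including the drive letter and the file name `helper.dll`, are constructed test inputs.

```python
"""Triage heuristic for Windows shell link (.lnk) files.

Added example, not code from the slides or the book. Parses the fixed
ShellLinkHeader and the LinkTargetIDList and flags any ItemID that embeds a
.dll path. The header layout follows the published MS-SHLLINK format; the
"DLL path inside the ID list is suspicious" rule is an assumption made for
this example, and the sample shortcuts at the bottom are constructed inputs.
"""
import re
import struct

HEADER_SIZE = 0x4C                    # ShellLinkHeader is always 76 bytes
# LinkCLSID {00021401-0000-0000-C000-000000000046} as stored on disk
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01        # LinkFlags bit: an IDList follows the header

# A run of printable ASCII ending in ".dll" (case-insensitive)
DLL_RE = re.compile(r"[\x20-\x7e]*\.dll", re.IGNORECASE)


class LnkError(ValueError):
    """Raised when the bytes are not a well-formed shell link."""


def parse_idlist(data, offset):
    """Return the ItemID payloads of the LinkTargetIDList starting at `offset`."""
    if offset + 2 > len(data):
        raise LnkError("missing IDListSize")
    (idlist_size,) = struct.unpack_from("<H", data, offset)
    end = offset + 2 + idlist_size
    if end > len(data):
        raise LnkError("IDListSize runs past end of file")
    pos, items = offset + 2, []
    while pos + 2 <= end:
        (item_size,) = struct.unpack_from("<H", data, pos)
        if item_size == 0:            # TerminalID closes the list
            break
        if item_size < 2 or pos + item_size > end:
            raise LnkError("malformed ItemID")
        items.append(data[pos + 2:pos + item_size])   # payload without its size word
        pos += item_size
    return items


def parse_lnk(data):
    """Validate the header and return the LinkFlags plus any IDList items."""
    if len(data) < HEADER_SIZE:
        raise LnkError("shorter than ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise LnkError("not a shell link file")
    items = parse_idlist(data, HEADER_SIZE) if flags & HAS_LINK_TARGET_ID_LIST else []
    return {"flags": flags, "items": items}


def dll_references(payload):
    """Find .dll paths in an ItemID payload, checking ASCII and both UTF-16LE alignments."""
    views = [payload.decode("latin-1")]
    for start in (0, 1):              # the string may sit at an odd offset
        chunk = payload[start:]
        chunk = chunk[:len(chunk) & ~1]
        views.append(chunk.decode("utf-16-le", errors="ignore"))
    found = []
    for text in views:
        for match in DLL_RE.findall(text):
            if match not in found:
                found.append(match)
    return found


def triage(data):
    """Return every DLL reference found in the shortcut's IDList (empty = no finding)."""
    hits = []
    for item in parse_lnk(data)["items"]:
        for ref in dll_references(item):
            if ref not in hits:
                hits.append(ref)
    return hits


def is_lnk(data):
    """True when the header parses as a shell link, False otherwise."""
    try:
        parse_lnk(data)
        return True
    except LnkError:
        return False


def build_lnk(item_payloads):
    """Constructed test input: a minimal .lnk holding only the given IDList items."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, HAS_LINK_TARGET_ID_LIST)
    header += b"\x00" * (HEADER_SIZE - len(header))
    idlist = b"".join(struct.pack("<H", len(p) + 2) + p for p in item_payloads)
    idlist += b"\x00\x00"             # TerminalID
    return header + struct.pack("<H", len(idlist)) + idlist


# Constructed samples: an ordinary shortcut and one whose item names a DLL on a
# removable drive (drive letter and file name invented for this example).
BENIGN_LNK = build_lnk([b"\x1f" + bytes(16), b"\x32\x00" + b"notes.txt\x00"])
SUSPICIOUS_LNK = build_lnk([b"\x1f" + bytes(16),
                            b"\x01" + "E:\\driver\\helper.dll".encode("utf-16-le") + b"\x00\x00"])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        print(name, triage(blob))
```

The second sample deliberately places its UTF-16 string at an odd byte offset inside the item, which is why `dll_references` decodes each payload at both alignments; a scanner that only decoded from offset zero would miss it. Running the script prints an empty list for the benign shortcut and the embedded DLL path for the suspicious one.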
