SlideShare a Scribd company logo

Stuxnet worm

Download as PPTX, PDF
S
sommerville-videos

The Stuxnet worm was designed to target Siemens industrial control systems used in Iran's uranium enrichment centrifuges. It spread to these systems through infected USB drives and exploited multiple Windows vulnerabilities. It then took control of centrifuges and varied their speeds, damaging around 1,000 centrifuges and slowing Iran's nuclear program. While not intended to spread beyond Iran, it ended up infecting systems in other countries as well through file transfers.

TechnologyBusiness
1 of 18
Cybersecurity Case Study STUXNET worm Stuxnet SCADA attack, 2013 Slide 1
Stuxnet SCADA attack, 2013 Slide 2
Cyber-warfare • The STUXNET worm is computer malware which is specifically designed to target industrial control systems for equipment made by Siemens. • These systems are used in Iran for uranium enrichment – • Enriched uranium is required to make a nuclear bomb The aim of the worm was to damage or destroy controlled equipment Stuxnet SCADA attack, 2013 Slide 3
What is a worm? • Malware that can infect a computerbased system and autonomously spread to other systems without user intervention • Unlike a virus, no need for a carrier or any explicit user actions to spread the worm Stuxnet SCADA attack, 2013 Slide 4
The target of the worm Stuxnet SCADA attack, 2013 Slide 5
The STUXNET worm • Worm designed to affect SCADA systems and PLC controllers for uranium enrichment centrifuges • Very specific targeting – only aimed at Siemens controllers for this type of equipment • It can spread to but does not damage other control systems Stuxnet SCADA attack, 2013 Slide 6
Stuxnet SCADA attack, 2013 Slide 7
Worm actions • Takes over operation of the centrifuge from the SCADA controller • Sends control signals to PLCs managing the equipment • Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage • Blocks signals and alarms to control centre from Stuxnet SCADA attack, 2013 local PLCs Slide 8
Stuxnet penetration • Initially targets Windows systems used to configure the SCADA system • Uses four different vulnerabilities to affect systems – Three of these were previously unknown – So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them. – Spread can’t be stopped by fixing a single vulnerability Stuxnet SCADA attack, 2013 Slide 9
Stuxnet technology • Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system. • Uses a vulnerability in the print system to spread from one machine to another • Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet Stuxnet SCADA attack, 2013 Slide 10
The myth of the air gap • Centrifuge control systems were not connected to the internet • Initial infection thought to be through infected USB drives taken into plant by unwitting system operators – Beware of freebies! Stuxnet SCADA attack, 2013 Slide 11
Damage caused • It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet • This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful • Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment Stuxnet SCADA attack, 2013 Slide 12
Unproven speculations • Because of the complexity of the worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran Stuxnet SCADA attack, 2013 Slide 13
Stuxnet SCADA attack, 2013 Slide 14
Unproven speculations • Because Stuxnet did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development • There was no intention for the worm to spread beyond Iran • Other countries with serious infections include India, Indonesia and Azerbaijhan Stuxnet SCADA attack, 2013 Slide 15
Unproven speculations • The Stuxnet worm is a multipurpose worm and there are a range of versions with different functionality in the wild • These use the same vulnerabilities to infect systems but they behave in different ways Stuxnet SCADA attack, 2013 Slide 16
• One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers. Stuxnet SCADA attack, 2013 Slide 17
Summary • Stuxnet worm is an early instance of cyberwarfare where SCADA controllers were targeted • Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges • Used a range of vulnerabilities to infect systems Stuxnet SCADA attack, 2013 Slide 18

Recommended

Stuxnet
StuxnetStuxnet
Stuxnet
Shishir Aryal
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.
Hardeep Bhurji
 
Stuxnet - Case Study
Stuxnet - Case StudyStuxnet - Case Study
Stuxnet - Case Study
Amr Thabet
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - Stuxnet
Sean Xie
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
Gil Megidish
 
Stuxnet
StuxnetStuxnet
Stuxnet
Symantec
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
Stuxnet, a malicious computer worm
Stuxnet, a malicious computer wormStuxnet, a malicious computer worm
Stuxnet, a malicious computer worm
Sumaiya Ismail
 

Recommended

Stuxnet
StuxnetStuxnet
Stuxnet
Shishir Aryal
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.
Hardeep Bhurji
 
Stuxnet - Case Study
Stuxnet - Case StudyStuxnet - Case Study
Stuxnet - Case Study
Amr Thabet
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - Stuxnet
Sean Xie
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
Gil Megidish
 
Stuxnet
StuxnetStuxnet
Stuxnet
Symantec
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
Stuxnet, a malicious computer worm
Stuxnet, a malicious computer wormStuxnet, a malicious computer worm
Stuxnet, a malicious computer worm
Sumaiya Ismail
 
The Stuxnet Virus FINAL
The Stuxnet Virus FINALThe Stuxnet Virus FINAL
The Stuxnet Virus FINAL
Nicholas Poole
 
Ransomware
RansomwareRansomware
Ransomware
Chaitali Sharma
 
WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attack
Abdelhakim Salama
 
Stuxnet flame
Stuxnet flameStuxnet flame
Stuxnet flame
Santosh Khadsare
 
Ransomware
RansomwareRansomware
Ransomware
Akshita Pillai
 
Cyber attack
Cyber attackCyber attack
Cyber attack
Manjushree Mashal
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
Zoho Corporation
 
Scanning web vulnerabilities
Scanning web vulnerabilitiesScanning web vulnerabilities
Scanning web vulnerabilities
Mohit Dholakiya
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 
Software security
Software securitySoftware security
Software security
Roman Oliynykov
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
fmi_igf
 
Ppt
PptPpt
Ppt
Geetu Khanna
 
Wannacry
WannacryWannacry
Wannacry
AravindVV
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
Sanjay Kumar
 
Optional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet DossierOptional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet Dossier
Alireza Ghahrood
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
Nitin Bisht
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
Digital Bond
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
shindept123
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
Iftach Ian Amit
 
Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1
Byres Security Inc.
 

More Related Content

What's hot

The Stuxnet Virus FINAL
The Stuxnet Virus FINALThe Stuxnet Virus FINAL
The Stuxnet Virus FINAL
Nicholas Poole
 
Optional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet DossierOptional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet Dossier
Alireza Ghahrood
 

What's hot (20)

The Stuxnet Virus FINAL
The Stuxnet Virus FINALThe Stuxnet Virus FINAL
The Stuxnet Virus FINAL
 
Ransomware
RansomwareRansomware
Ransomware
 
WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attack
 
Stuxnet flame
Stuxnet flameStuxnet flame
Stuxnet flame
 
Ransomware
RansomwareRansomware
Ransomware
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
 
Scanning web vulnerabilities
Scanning web vulnerabilitiesScanning web vulnerabilities
Scanning web vulnerabilities
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Software security
Software securitySoftware security
Software security
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
 
Ppt
PptPpt
Ppt
 
Wannacry
WannacryWannacry
Wannacry
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Optional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet DossierOptional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet Dossier
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 

Viewers also liked

Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
Ian Sommerville
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
INSIGHT FORENSIC
 
How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systems
Yury Chemerkin
 
Useful facts
Useful factsUseful facts
Useful facts
bc dalai
 

Viewers also liked (20)

Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
 
Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1Mission Critical Security in a Post-Stuxnet World Part 1
Mission Critical Security in a Post-Stuxnet World Part 1
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
TrustDavis on ethereum
TrustDavis on ethereumTrustDavis on ethereum
TrustDavis on ethereum
 
Stuxnet - A weapon of the future
Stuxnet - A weapon of the futureStuxnet - A weapon of the future
Stuxnet - A weapon of the future
 
How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systems
 
Conficker
ConfickerConficker
Conficker
 
Stuxnet
StuxnetStuxnet
Stuxnet
 
1
11
1
 
Hedly
HedlyHedly
Hedly
 
CMIS 320 RESEARCH PAPER
CMIS 320 RESEARCH PAPERCMIS 320 RESEARCH PAPER
CMIS 320 RESEARCH PAPER
 
Entrevista Hector Robles revista MED PLUS n99
Entrevista Hector Robles revista MED PLUS n99Entrevista Hector Robles revista MED PLUS n99
Entrevista Hector Robles revista MED PLUS n99
 
Useful facts
Useful factsUseful facts
Useful facts
 
CMIT 321 WEEK 2 QUIZ
CMIT 321 WEEK 2 QUIZCMIT 321 WEEK 2 QUIZ
CMIT 321 WEEK 2 QUIZ
 
Chapter 8
Chapter 8Chapter 8
Chapter 8
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2
 
A Stuxnet for Mainframes
A Stuxnet for MainframesA Stuxnet for Mainframes
A Stuxnet for Mainframes
 

Similar to Stuxnet worm

SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA Presentation
Eric Favetta
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...
nithinreddykaithi
 
Scada, a PLC's story
Scada, a PLC's storyScada, a PLC's story
Scada, a PLC's story
Paolo Stagno
 
A table driven search approach for revelation and anticipation of sinkhole at...
A table driven search approach for revelation and anticipation of sinkhole at...A table driven search approach for revelation and anticipation of sinkhole at...
A table driven search approach for revelation and anticipation of sinkhole at...
eSAT Journals
 

Similar to Stuxnet worm (20)

CPS - Week 1.pptx
CPS - Week 1.pptxCPS - Week 1.pptx
CPS - Week 1.pptx
 
Introducing scada
Introducing scadaIntroducing scada
Introducing scada
 
Scada security
Scada securityScada security
Scada security
 
SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA Presentation
 
SCADA White Paper March2012
SCADA White Paper March2012SCADA White Paper March2012
SCADA White Paper March2012
 
Stuxnets
StuxnetsStuxnets
Stuxnets
 
SCADA Systems and its security!
SCADA Systems and its security!SCADA Systems and its security!
SCADA Systems and its security!
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
20320140501016
2032014050101620320140501016
20320140501016
 
Detect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection SystemDetect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection System
 
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSEnhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scada
 
Review on Honeypot Security
Review on Honeypot SecurityReview on Honeypot Security
Review on Honeypot Security
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Cyber-security of smart grids
Cyber-security of smart gridsCyber-security of smart grids
Cyber-security of smart grids
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...
 
Scada, a PLC's story
Scada, a PLC's storyScada, a PLC's story
Scada, a PLC's story
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for Utilities
 
A table driven search approach for revelation and anticipation of sinkhole at...
A table driven search approach for revelation and anticipation of sinkhole at...A table driven search approach for revelation and anticipation of sinkhole at...
A table driven search approach for revelation and anticipation of sinkhole at...
 

More from sommerville-videos

System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
sommerville-videos
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
sommerville-videos
 

More from sommerville-videos (20)

Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
User stories
User storiesUser stories
User stories
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
Why se script
Why se scriptWhy se script
Why se script
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 

Recently uploaded (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

Stuxnet worm

  • 1. Cybersecurity Case Study STUXNET worm Stuxnet SCADA attack, 2013 Slide 1
  • 2. Stuxnet SCADA attack, 2013 Slide 2
  • 3. Cyber-warfare • The STUXNET worm is computer malware which is specifically designed to target industrial control systems for equipment made by Siemens. • These systems are used in Iran for uranium enrichment – • Enriched uranium is required to make a nuclear bomb The aim of the worm was to damage or destroy controlled equipment Stuxnet SCADA attack, 2013 Slide 3
  • 4. What is a worm? • Malware that can infect a computerbased system and autonomously spread to other systems without user intervention • Unlike a virus, no need for a carrier or any explicit user actions to spread the worm Stuxnet SCADA attack, 2013 Slide 4
  • 5. The target of the worm Stuxnet SCADA attack, 2013 Slide 5
  • 6. The STUXNET worm • Worm designed to affect SCADA systems and PLC controllers for uranium enrichment centrifuges • Very specific targeting – only aimed at Siemens controllers for this type of equipment • It can spread to but does not damage other control systems Stuxnet SCADA attack, 2013 Slide 6
  • 7. Stuxnet SCADA attack, 2013 Slide 7
  • 8. Worm actions • Takes over operation of the centrifuge from the SCADA controller • Sends control signals to PLCs managing the equipment • Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage • Blocks signals and alarms to control centre from Stuxnet SCADA attack, 2013 local PLCs Slide 8
  • 9. Stuxnet penetration • Initially targets Windows systems used to configure the SCADA system • Uses four different vulnerabilities to affect systems – Three of these were previously unknown – So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them. – Spread can’t be stopped by fixing a single vulnerability Stuxnet SCADA attack, 2013 Slide 9
  • 10. Stuxnet technology • Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system. • Uses a vulnerability in the print system to spread from one machine to another • Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet Stuxnet SCADA attack, 2013 Slide 10
  • 11. The myth of the air gap • Centrifuge control systems were not connected to the internet • Initial infection thought to be through infected USB drives taken into plant by unwitting system operators – Beware of freebies! Stuxnet SCADA attack, 2013 Slide 11
  • 12. Damage caused • It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet • This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful • Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment Stuxnet SCADA attack, 2013 Slide 12
  • 13. Unproven speculations • Because of the complexity of the worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran Stuxnet SCADA attack, 2013 Slide 13
  • 14. Stuxnet SCADA attack, 2013 Slide 14
  • 15. Unproven speculations • Because Stuxnet did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development • There was no intention for the worm to spread beyond Iran • Other countries with serious infections include India, Indonesia and Azerbaijhan Stuxnet SCADA attack, 2013 Slide 15
  • 16. Unproven speculations • The Stuxnet worm is a multipurpose worm and there are a range of versions with different functionality in the wild • These use the same vulnerabilities to infect systems but they behave in different ways Stuxnet SCADA attack, 2013 Slide 16
  • 17. • One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers. Stuxnet SCADA attack, 2013 Slide 17
  • 18. Summary • Stuxnet worm is an early instance of cyberwarfare where SCADA controllers were targeted • Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges • Used a range of vulnerabilities to infect systems Stuxnet SCADA attack, 2013 Slide 18