Stuxnet worm
-
Upload
sommerville-videos -
Category
Technology
-
view
744 -
download
8
description
Transcript of Stuxnet worm
Stuxnet SCADA attack, 2013 Slide 1
Cybersecurity Case StudySTUXNET worm
Stuxnet SCADA attack, 2013 Slide 2
Stuxnet SCADA attack, 2013 Slide 3
Cyber-warfare• The STUXNET worm is computer malware which
is specifically designed to target industrial control systems for equipment made by Siemens.
• These systems are used in Iran for uranium enrichment
– Enriched uranium is required to make a nuclear bomb
• The aim of the worm was to damage or destroy controlled equipment
Stuxnet SCADA attack, 2013 Slide 4
What is a worm?
• Malware that can infect a computer-based system and autonomously spread to other systems without user intervention
• Unlike a virus, no need for a carrier or any explicit user actions to spread the worm
Stuxnet SCADA attack, 2013 Slide 5
The target of the worm
Stuxnet SCADA attack, 2013 Slide 6
The STUXNET worm• Worm designed to affect SCADA systems
and PLC controllers for uranium enrichment centrifuges
• Very specific targeting – only aimed at Siemens controllers for this type of equipment
• It can spread to but does not damage other control systems
Stuxnet SCADA attack, 2013 Slide 7
Stuxnet SCADA attack, 2013 Slide 8
Worm actions• Takes over operation of the centrifuge from
the SCADA controller
• Sends control signals to PLCs managing the equipment
• Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage
• Blocks signals and alarms to control centre from local PLCs
Stuxnet SCADA attack, 2013 Slide 9
Stuxnet penetration• Initially targets Windows systems used to
configure the SCADA system
• Uses four different vulnerabilities to affect systems
– Three of these were previously unknown
– So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them.
– Spread can’t be stopped by fixing a single vulnerability
Stuxnet SCADA attack, 2013 Slide 10
Stuxnet technology• Spreads to Siemens' WinCC/PCS 7
SCADA control software and takes over configuration of the system.
• Uses a vulnerability in the print system to spread from one machine to another
• Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet
Stuxnet SCADA attack, 2013 Slide 11
The myth of the air gap• Centrifuge control systems were not
connected to the internet
• Initial infection thought to be through infected USB drives taken into plant by unwitting system operators
– Beware of freebies!
Stuxnet SCADA attack, 2013 Slide 12
Damage caused• It is thought that between 900 and 1000
centrifuges were destroyed by the actions of Stuxnet
• This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful
• Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment
Stuxnet SCADA attack, 2013 Slide 13
Unproven speculations• Because of the complexity of the
worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran
Stuxnet SCADA attack, 2013 Slide 14
Stuxnet SCADA attack, 2013 Slide 15
Unproven speculations• Because Stuxnet did not only affect computers
in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development
• There was no intention for the worm to spread beyond Iran
• Other countries with serious infections include India, Indonesia and Azerbaijhan
Stuxnet SCADA attack, 2013 Slide 16
Unproven speculations
• The Stuxnet worm is a multipurpose worm and there are a range of versions with different functionality in the wild
• These use the same vulnerabilities to infect systems but they behave in different ways
Stuxnet SCADA attack, 2013 Slide 17
• One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers.
Stuxnet SCADA attack, 2013 Slide 18
Summary • Stuxnet worm is an early instance of
cyberwarfare where SCADA controllers were targeted
• Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges
• Used a range of vulnerabilities to infect systems