What is a Logic Bomb?

There are countless news stories in the media today of high-profile breaches, not only of the brands we use every day but also of foreign governments. The attacks targeting industrial controllers in manufacturing environments are referred to as Logic Bombs. This presentation gives an overview of those Logic Bombs and of strategies for protecting against them.

Published in: Technology, Business

  1. Logic Bombs

  2. Project Aurora

  3. What Is A Logic Bomb?
     Malware that targets control systems and the hosts that interact with the physical world.
     They can target:
     - SCADA (Supervisory Control And Data Acquisition) systems
     - Building control systems like alarms, physical security, and fire suppressant systems
     - Any physically controlled device operated by a computer that, if its "logic" were compromised, could have catastrophic real-world effects.
     Vulnerabilities used to create Logic Bombs:
     - The average age of a vulnerability on a control system is 311 days.
     - Some vulnerabilities were over 3 years old with remediation insight.

  4. Real World - Stuxnet
     Targets: Siemens SIMATIC WinCC and PCS 7 systems
     Win32.Stuxnet uses a total of four zero-day vulnerabilities:
     - .lnk / PIF shortcut vulnerability (spread through USB drives on Windows)
     - Print spooler remote code execution vulnerability
     - Microsoft Windows Server service RPC handling remote code execution vulnerability
     - WBEM remote file execution
     Injects code into the SCADA PLC control logic to disrupt operations, and protects itself with a rootkit that hides the injected code from code review.
     Information security best practices applied to control systems and connected hosts could have prevented it.

  5. Real World - Stuxnet
     - 60 percent of attacks against Iran
     - Most likely nation-state sponsored
     - A very talented group of people created it
     - No traceable aspects of a signature in the code
     - What was the desired end result?
     - Was that purely a test case?
     Source: Who's Behind Stuxnet? The Americans? The Israelis? PC Mag blogs, September 24, 2010
  6. What Can You Do?
     - Identify zero-day vulnerabilities and develop mitigation plans
     - Assess unpatched operating system vulnerabilities and remediate them
     - Identify known software / application vulnerabilities and remediate them
     - Track and mitigate vulnerabilities in programmable logic controllers (PLCs) commonly used in industrial control systems
     - Learn from initiatives like what PCI has done for the Payment Card Industry

  7. Assessment
     Vulnerability Assessment:
     - If it has an IP address, it should be assessed for vulnerabilities.
     - Regardless of the operating system, all devices on the network could be at risk.
     - If it has security risks, mitigate them. Other techniques besides patches can be acceptable.

  8. Protection
     Continuously Protect Device Security Risks:
     - No Impact to Mission Runtime
     - Zero-Day Protection
     - Enforce Trusted Communications
     - Manage Change Control
     - Application Control
     Network IPS and Firewalls are Ineffective for Application Logic Bombs like Stuxnet
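The three rules on the Assessment slide (assess every IP-addressed device regardless of OS, track what remains at risk, accept compensating controls as remediation) map onto a small bookkeeping model. The following is an added example written for this page, not eEye's product or any vendor's tooling; the inventory, addresses, dates and finding identifiers are all constructed, and the age thresholds simply reuse the 311-day average and 3-year figures quoted on slide 3.

```python
"""Vulnerability-assessment bookkeeping for an ICS network (added example).
Encodes the Assessment slide: every IP-addressed device gets an assessment
record whatever its operating system; open findings are tracked by age; and
a compensating control ("mitigated") counts as remediation, not just a patch.
All devices, addresses and findings below are constructed sample data."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    device: str
    vuln: str          # identifier from the assessment tool (placeholder values below)
    discovered: date
    status: str        # "open", "patched", or "mitigated" (compensating control accepted)


def unassessed_devices(inventory: dict[str, str], assessed: set[str]) -> list[str]:
    """Every address in the inventory needs an assessment record: PLCs, printers
    and building-control devices included, not only Windows and Linux hosts."""
    return sorted(ip for ip in inventory if ip not in assessed)


def open_findings(findings: list[Finding]) -> list[Finding]:
    """Only 'open' counts as risk; 'patched' and 'mitigated' are both remediated."""
    return [f for f in findings if f.status == "open"]


def average_open_age_days(findings: list[Finding], today: date) -> float:
    ages = [(today - f.discovered).days for f in open_findings(findings)]
    return sum(ages) / len(ages) if ages else 0.0


def overdue(findings: list[Finding], today: date, max_age_days: int) -> list[Finding]:
    """Open findings older than the allowed age, oldest first."""
    late = [f for f in open_findings(findings) if (today - f.discovered).days > max_age_days]
    return sorted(late, key=lambda f: f.discovered)


# Constructed inventory: address -> device class. The badge reader has an IP
# address but no assessment record, which is exactly the gap the slide warns about.
INVENTORY = {
    "10.0.0.5": "PLC",
    "10.0.0.7": "HMI (Windows)",
    "10.0.0.9": "network printer",
    "10.0.0.12": "badge reader",
}
ASSESSED = {"10.0.0.5", "10.0.0.7", "10.0.0.9"}
TODAY = date(2010, 10, 1)
FINDINGS = [
    Finding("10.0.0.5", "VULN-PLACEHOLDER-1", date(2009, 11, 24), "open"),       # 311 days old
    Finding("10.0.0.5", "VULN-PLACEHOLDER-2", date(2010, 8, 2), "mitigated"),    # isolated by firewall rule
    Finding("10.0.0.7", "VULN-PLACEHOLDER-3", date(2007, 6, 1), "open"),         # over 3 years old
    Finding("10.0.0.9", "VULN-PLACEHOLDER-4", date(2010, 3, 15), "patched"),
]


def report(today: date = TODAY) -> dict:
    """Summarise coverage gaps and aged risk for the constructed network."""
    return {
        "unassessed": unassessed_devices(INVENTORY, ASSESSED),
        "average_open_age_days": average_open_age_days(FINDINGS, today),
        "over_three_years": [f.device for f in overdue(FINDINGS, today, 3 * 365)],
    }


if __name__ == "__main__":
    print(report())
```

Running it lists the badge reader as never assessed, reports an average open-finding age of 764.5 days, and flags the HMI finding as more than three years old; the mitigated PLC finding is not counted as risk even though it was never patched.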
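Slide 8's "Manage Change Control" and "Application Control" items, combined with slide 4's note that Stuxnet hid its injected PLC code from review, suggest one concrete defensive check: keep an approved hash baseline of the controller's logic blocks and compare it against a trusted, out-of-band read of the running program rather than against what the engineering workstation displays. The code below is an added example for this page, not eEye's product or any PLC vendor's API. It assumes a program is a mapping of block names to bytes, that the baseline was captured under the change process, and that an independent read of the controller is available alongside the workstation's listing; the block names and contents are constructed labels, not real controller code.

```python
"""Change-control check for controller logic (added example, not vendor code).
Assumptions, all constructed: a controller program is a dict of named logic
blocks (bytes); the approved baseline stores a SHA-256 per block and is only
updated through the change process; and two views of the running program
exist: the listing the engineering workstation reports (which a PLC rootkit
of the kind slide 4 describes can falsify) and an independent read taken with
trusted tooling."""
import hashlib
from dataclasses import dataclass, field


def digest(block: bytes) -> str:
    return hashlib.sha256(block).hexdigest()


def baseline(program: dict[str, bytes]) -> dict[str, str]:
    """Record the approved hash of every block; re-run only via the change process."""
    return {name: digest(code) for name, code in program.items()}


@dataclass
class Drift:
    modified: list[str] = field(default_factory=list)   # hash differs from the approved baseline
    added: list[str] = field(default_factory=list)      # block present that was never approved
    missing: list[str] = field(default_factory=list)    # approved block no longer present
    concealed: list[str] = field(default_factory=list)  # workstation listing disagrees with trusted read

    def clean(self) -> bool:
        return not (self.modified or self.added or self.missing or self.concealed)


def check_change_control(approved: dict[str, str],
                         reported: dict[str, bytes],
                         independent: dict[str, bytes]) -> Drift:
    """Compare the trusted read with the baseline, then with the workstation view."""
    d = Drift()
    for name, approved_hash in approved.items():
        if name not in independent:
            d.missing.append(name)
        elif digest(independent[name]) != approved_hash:
            d.modified.append(name)
    d.added = sorted(name for name in independent if name not in approved)
    # A block the workstation shows differently from the trusted read is being
    # hidden from code review: the self-protection behaviour slide 4 describes.
    d.concealed = sorted(name for name in set(reported) | set(independent)
                         if reported.get(name) != independent.get(name))
    d.modified.sort()
    d.missing.sort()
    return d


# Constructed sample program; names follow the OB/FC/DB style only as labels.
APPROVED_PROGRAM = {
    "OB1": b"CALL FC1; CALL FC2; BE",
    "FC1": b"L MW10; T QW0; BE",
    "DB1": b"setpoint=1064",
}
APPROVED = baseline(APPROVED_PROGRAM)


def demo() -> Drift:
    """Scenario: OB1 is altered and an unapproved FC7 appears on the controller,
    while the workstation is still shown the original listing."""
    independent = dict(APPROVED_PROGRAM,
                       OB1=b"CALL FC7; CALL FC1; CALL FC2; BE",
                       FC7=b"unapproved block")
    reported = dict(APPROVED_PROGRAM)  # what the compromised workstation displays
    return check_change_control(APPROVED, reported, independent)


if __name__ == "__main__":
    result = demo()
    print("clean" if result.clean() else f"drift detected: {result}")
```

The point of comparing against an independent read is that a workstation-only check would report "clean" in the scenario above; the concealed list is what tells the operator that review tooling itself is lying, which is a stronger signal than the modified block alone. A legitimate engineering change is handled by re-running `baseline` as the final step of the approved change, so the next check is clean again.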
  9. Know your vulnerabilities. Know you're protected.
     Security Experts
     - Founded in 1998
     - Growing and profitable
     - Leaders in security & compliance
     - World-renowned research team
     - Trusted security advisors
     Award-Winning Solutions
     - Recognized product leadership
     - Securing companies of all sizes, from SMBs to Enterprise
     - Unparalleled services & support
     Making the Complex Simple
     - Centralized security management and visibility
     - Fast, flexible deployment
     - Thousands of customers, protecting millions of systems
     - Unified vulnerability management
     www.eeye.com | 1.866.339.3732 | sales@eeye.com
  10. References
     - Stuxnet Attack Exposes Inherent Problems In Power Grid Security. Kelly Jackson Higgins, DarkReading, Sept. 27, 2010
     - Stuxnet Using Three Additional Zero-Day Vulnerabilities. Liam O Murchu, 14 Sep 2010
     - Who's Behind Stuxnet? The Americans? The Israelis? PC Mag blogs, September 24, 2010
     - Worried about logic bombs? You should be… Morey Haber, May 20 2010
     - Don't Think Targeted Attacks Like Stuxnet Can't Hit You. Gartner, John Pescatore, Earl Perkins, September 23, 2010