4. Worm vs Virus
04
A computer worm is a
standalone malware computer
program that replicates itself in
order to spread to other
computers.
A computer virus is a type of
malware that propagates by
inserting a copy of itself into and
becoming part of another
program
5. 05 WHAT IS STUXNET
Stuxnet is a computer worm that was originally aimed at Iran's
nuclear facilities and has since mutated and spread to other
industrial and energy-producing facilities. The original Stuxnet
malware attack targeted the programmable logic controllers
(PLCs) used to automate machine processes.
6. 06
Targeted industrial control systems for equipment made
by Siemens.
These systems are used in Iran for uranium
enrichment
– Enriched uranium is required to make a nuclear
bomb
The aim of the worm was to damage or destroy
controlled equipment
What was it for
7. 07
A Very Sophisticated and
Expensive Worm
Contained Four Zero days
Was 20 more complex and larger than a normal virus
Contained almost no bugs
Highly dense where each code did something and
did something right
At least a Nation-state involved
8.
9. 09 Worm Actions
Takes over operation of the centrifuge from the SCADA
(Supervisory control and data acquisition) controller
Sends control signals to PLCs managing the equipment
Causes the spin speed of the centrifuges to vary wildly, very
quickly, causing extreme vibrations and consequent damage
Blocks signals and alarms to control center from local PLCs
10. 10
The myth of the air gap
Centrifuge control systems were not connected to
the internet
Initial infection thought to be through infected USB
drives taken into the plant by unwitting system
operators
– Beware of freebies!
11. 11
Damage caused
It is thought that between 900 and 1000 centrifuges
were destroyed by the actions of Stuxnet
• This is about 10% of the total so if the intention was
to destroy all centrifuges, then it was not successful
• Significant slowdown in nuclear enrichment
program because of (a) damage and (b)
enrichment shutdown while the worms were cleared
from equipment
12. 12
A Big Controversy
Because of the complexity of the worm, the
number of possible vulnerabilities that are
exploited, the access to expensive
centrifuges and the very specific targeting, it
has been suggested that this is an instance
of cyberwar by nation-states against Iran
13. 13
Unproven speculations
Because Stuxnet did not only affect computers in
nuclear facilities but spread beyond them by transfers
of infected PCs, a mistake was made in its
development
• There was no intention for the worm to spread
beyond Iran
• Other countries with serious infections include
India, Indonesia and Azerbaijhan
14. Who developed Stuxnet?
It's now widely accepted that Stuxnet was created by the
intelligence agencies of the United States and Israel. The classified
program to develop the worm was given the code name
"Operation Olympic Games"; it was begun under President George
W. Bush and continued under President Obama
14
15. The Stuxnet worm is a multipurpose worm and there are a range
of versions with different functionality in the wild
• These use the same vulnerabilities to infect systems but they
behave in different ways
15
Is it still active?
16. 16
One called Duqu has significantly
affected computers, especially in Iran.
This does not damage equipment but
logs keystrokes and sends confidential
information to outside servers.
17. That concludes my presentation.
However, I’d like to quickly summarize
the main points or takeaways.
17
18. If anyone has any questions, please
feel free to ask now
18
19. And that brings us to the end. I’d like
to Thank you for your time and
attention today.
19