This document provides definitions and context about cyberwarfare and the Stuxnet attack. It defines cyberwarfare as actions by a nation-state to penetrate another nation's computers or networks to cause damage or disruption. It then summarizes the Stuxnet worm, including that it targeted Iranian nuclear facilities, represented a new level of cyberthreat sophistication, and exposed weaknesses in critical infrastructure cybersecurity. Experts believe Stuxnet was part of a government-backed cyberattack, but its origins have never been officially confirmed.
Stuxnet was a computer worm, publicly identified in 2010 with samples dating back to 2009, that targeted Iran's nuclear facilities. It sabotaged the centrifuges used to enrich uranium, setting back Iran's nuclear program. The worm was introduced via USB drives, spread between Windows hosts, and then altered the code running on the programmable logic controllers (PLCs) that drove the centrifuges. Stuxnet is widely believed to have been created by the U.S. and Israel to damage Iran's nuclear capabilities without using military force. It changed cyber security worldwide and highlighted the risks of cyber attacks targeting critical infrastructure.
The document discusses the Stuxnet computer worm that targeted Iran's nuclear facilities. It describes how Stuxnet infected industrial sites in Iran starting in 2009, including a uranium enrichment plant. It spread through computer networks and removable media and used several Windows zero-day exploits to infect systems and remain undetected. Stuxnet is believed to have been created by the United States and Israel to sabotage Iran's nuclear program.
This document discusses worms in local area networks and proposes a new approach to detect and stop worm attacks. It begins by describing how worms can quickly spread and take control of all systems in a LAN. The proposed approach detects worms by analyzing where they typically copy themselves and using Snort rules to identify infectious packets flowing between systems. It then provides background on common worms and how they spread. The document outlines the proposed model and discusses how it would detect worms either by their copying locations or infectious packet contents.
(120715) #fitalk the era of cyber sabotage and warfare (case study - Stuxnet) - INSIGHT FORENSIC
Stuxnet is analyzed in detail, including its architecture, functionality, and propagation methods. It is described as a highly advanced persistent threat that targeted Iran's nuclear facilities. The document outlines how Stuxnet used zero-day exploits and drivers signed with stolen digital certificates to inject code into industrial control systems, and how it spread via removable drives and network shares. Stuxnet's command and control infrastructure and its ability to infect project files for industrial control software are also summarized.
Bot software spreads, causes new worries - UltraUploader
Bot software infects millions of computers worldwide without the owners' knowledge and turns them into zombies that perform malicious tasks as part of a bot network. These bot networks, which can include thousands of infected computers, are used to spread viruses and worms, send spam emails, install spyware, and launch denial-of-service attacks. While initially just an automated way to spread malware, bot networks are now also used for criminal activities like identity theft due to their ability to stealthily command a large number of compromised computers. Security experts warn that the proliferation of bot networks poses serious risks and is very difficult to stop given their automation and scale.
Slingshot APT - Critical Vulnerability through routers - K. A. M Lutfullah
New malware, which researchers have called 'Slingshot', infects victims through compromised routers and can run in kernel mode, giving it complete control over victims' devices. According to the researchers, many of the techniques used by this threat actor are unique, and it is extremely effective at stealthy information gathering, hiding its traffic in marked data packets that it can intercept from everyday communications without leaving a trace.
Slingshot is a sophisticated threat, employing a wide range of tools and techniques, including kernel-mode modules that have to date only been seen in the most advanced predators.
The document provides a detailed chronology and analysis of the Morris worm, one of the earliest computer worms to spread via the Internet. It summarizes that on November 2, 1988, a self-replicating program was released that infected an estimated 6,000 computers running UNIX via vulnerabilities in sendmail, finger, and rsh/rexec. It then analyzes the worm's code to describe how it spread, hid itself, and avoided detection by system administrators as it rapidly propagated across the Internet.
Virus detection based on virus throttle technology - Ahmed Muzammil
In the Internet age, virus epidemics are getting worse, slowing networks and computers, suspending mission-critical operations, and so on.
In this paper, a new technique for virus detection based on virus throttle technology is presented. This technique allows attacks on networks to be detected within seconds of a possible infection.
The special feature of this technology is that its detection algorithm is based on the network behavior of the virus rather than on identification of virus code: a host that suddenly tries to open connections to many previously uncontacted destinations is rate-limited and flagged. So it is possible to detect even unknown viruses without any signature updates.
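To make the behavioural idea concrete, here is an added example (not code from the paper above) of a working-set throttle in the style of the HP Labs virus throttle: a host may talk freely to destinations it has contacted recently, but every *new* destination goes through a delay queue that drains at a fixed rate, and an alert fires when that queue overflows. The working-set size, release rate, alert threshold and the two constructed workloads are assumptions chosen for illustration.

```python
from collections import deque
import random


class VirusThrottle:
    """Per-host outbound connection throttle (added example; parameters are assumptions).

    No signature is involved: the only thing measured is how many distinct new
    destinations the host tries to reach per unit time.
    """

    def __init__(self, working_set_size=5, release_per_tick=1, alert_threshold=50):
        self.working_set = deque(maxlen=working_set_size)  # recently contacted hosts
        self.delay_queue = []            # distinct new destinations awaiting release
        self.release_per_tick = release_per_tick
        self.alert_threshold = alert_threshold
        self.tick_no = 0
        self.alerted_at = None           # tick at which the queue overflowed, if ever
        self.max_queue = 0

    def request(self, dst):
        """Handle one outbound connection attempt; returns 'sent' or 'delayed'."""
        if dst in self.working_set:
            return "sent"                # known destination: pass immediately
        if dst not in self.delay_queue:
            self.delay_queue.append(dst)  # coalesce repeated attempts into one entry
        self.max_queue = max(self.max_queue, len(self.delay_queue))
        if self.alerted_at is None and len(self.delay_queue) > self.alert_threshold:
            self.alerted_at = self.tick_no  # a scanning worm fills the queue in seconds
        return "delayed"

    def tick(self):
        """Advance one time unit, releasing a bounded number of new destinations."""
        for _ in range(self.release_per_tick):
            if not self.delay_queue:
                break
            self.working_set.append(self.delay_queue.pop(0))
        self.tick_no += 1


def run(throttle, traffic, ticks):
    """Feed traffic(t) -> list of destinations into the throttle for `ticks` ticks."""
    for t in range(ticks):
        for dst in traffic(t):
            throttle.request(dst)
        throttle.tick()
    return throttle


def normal_traffic(seed=1, pool_size=8, per_tick=5):
    """Constructed benign workload: a few requests per tick to a small fixed set of hosts."""
    rng = random.Random(seed)
    pool = [f"192.0.2.{i}" for i in range(1, pool_size + 1)]
    return lambda t: [rng.choice(pool) for _ in range(per_tick)]


def worm_traffic(per_tick=20):
    """Constructed scanning worm: every tick it probes `per_tick` never-seen addresses."""
    return lambda t: [f"10.{t % 256}.{i}.1" for i in range(per_tick)]


def detection_tick(traffic, ticks=30):
    """Tick at which a fresh throttle raised an alert for this workload, or None."""
    return run(VirusThrottle(), traffic, ticks).alerted_at


if __name__ == "__main__":
    print("benign workload alert tick:", detection_tick(normal_traffic()))  # None
    print("worm workload alert tick:  ", detection_tick(worm_traffic()))    # 2
```

The benign workload never alerts because its queue can hold at most eight distinct destinations, while the worm, adding 20 unseen addresses per tick against a drain of one per tick, overflows the 50-entry queue during the third tick. The same mechanism also slows the worm's spread while the alert is being handled, since only one new destination per tick ever leaves the queue.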
The article examines how the creators of the Stuxnet malware signed its driver files with digital certificates stolen from Realtek and JMicron. It finds that the attackers most likely obtained the private keys by compromising the systems of the legitimate certificate owners. Because the signatures validated correctly, the drivers loaded as if they were legitimate vendor software, which helped Stuxnet infect many targets undetected over a long period of time.
This document provides a briefing on cyberwarfare. It begins with definitions of cyber, warfare, and cyberwarfare. It then discusses three recent cyberwarfare events: 1) Russia attacking Georgia in 2008 through DDoS and hacking, 2) an unknown agency attacking US military networks in 2008 through an infected USB drive, and 3) an unknown attacker (allegedly Israel) targeting Iran's nuclear facilities in 2010 through the Stuxnet worm. It analyzes the impacts and countermeasures for each event. Finally, it concludes with questions around regulating cyber groups and establishing protocols for cyberweapons.
Computer viruses have existed since the early 1980s. Some key events in virus history include the first Apple viruses in 1981, Fred Cohen's seminal research in the 1980s, the first memory resident virus called Lehigh in 1987, and the release of the first antivirus software in 1988. Major viruses that caused widespread damage include Melissa in 1999, I Love You in 2000, Code Red in 2001, and Slammer in 2003. To prevent virus infections, it is important to keep systems and software updated, use antivirus software, be wary of unknown attachments, and verify any security alerts before taking action.
Darktrace detected a number of anomalies across various customer networks including remote access attacks linked to malware, anomalous data transfers, domain generation algorithms, malicious web drive-bys, suspicious file downloads, unauthorized access to administrator credentials, ransomware infections, bitcoin mining, and connections to advanced persistent threat groups. Darktrace was able to detect these threats using unsupervised machine learning to identify anomalous behaviors rather than relying on rules or signatures.
This document provides information about the editorial staff and contributors involved in the Hakin9 IT security magazine. It lists the Editor in Chief, Editorial Advisory Board members, designers, proofreaders, beta testers, consultants, publishers, and production staff. It also contains a brief disclaimer about the techniques discussed in the magazine and a greeting from the Editor in Chief introducing the topics covered in the current issue, including spyware threats and protections.
Create an Artificially Intelligent (AI) computer virus which can modify its signature to avoid detection by antivirus software.
A computer virus which can stop all its infectious activities and go into a state of incubation while a full system scan is being run by an antivirus scanner. What is the possibility of seeing such computer viruses in the near future?
Ransomware protection in IoT using software defined networking - IJECEIAES
- The document proposes a ransomware protection method for IoT devices using software defined networking (SDN). It first discusses the growth of ransomware attacks and types of ransomware that have emerged. It then highlights how ransomware poses a threat to IoT due to IoT's limited resources and connectivity of devices.
- The proposed method uses an SDN gateway to monitor incoming IoT traffic. It employs policies defined in the SDN controller to detect and mitigate ransomware in the IoT environment. The performance of the proposed system is evaluated and compared to relevant existing methods. Enhancements to the solution are also discussed.
- The key contribution is a SDN-based ransomware detection and prevention solution tailored for
Franklin downloaded free software that infected his system with malware. After installing the software, Franklin's system rebooted and started malfunctioning. The document discusses computer security risks for home users, including risks from computer attacks like malware infections and accidents that can cause physical damage. It also covers essential computer security topics like threats, vulnerabilities, security elements, and defenses that can help secure systems and information.
Jay Beale is a cybersecurity expert who has created defensive security tools. He warns that malware is becoming more sophisticated and dangerous. Recent worms like WannaCry and NotPetya have caused major damage by spreading using leaked NSA exploits. Cryptojacking malware that secretly uses computers to mine cryptocurrency is also a growing threat, with some malware infecting hundreds of thousands of devices in a single day. Fully automated malware could achieve domain administrator access on networks and steal large amounts of sensitive data and intellectual property. Strong defenses like patching, network segmentation, privileged access management, and Active Directory security reviews are needed to protect against these evolving threats.
This document summarizes the types and impact of malware in modern society. It discusses how the growth of internet-connected devices and systems has led to an increase in malware attacks. Some key points:
- Malware includes viruses, worms, trojans, and other malicious software designed to harm devices, systems or users. The number of malware strains has grown exponentially with the rise of internet-connected devices.
- Malware can have significant economic and social impacts. For example, malware is estimated to cost the U.S. economy between $57-109 billion annually. The WannaCry ransomware attack impacted the UK's healthcare system by canceling appointments and delaying cancer treatments.
- As more
Fileless ransomware is a new type of ransomware that primarily follows the mechanisms of both ransomware and fileless malware. Detecting and defending against these kinds of attacks is becoming a great obstacle for IT firms. Cybercriminals have found a new way of extorting ransom with vicious methods, mainly from big organizations, government, the telecom industry and many more. Traditional AV engines are not able to defend against fileless malware. This paper describes the mechanisms of both ransomware and fileless malware, the working of fileless ransomware, the possible attack vectors of fileless ransomware, variations of fileless ransomware and their instances, prevention methods and recommendations to defend against fileless ransomware. Krishna B L, "Comparative Study of Fileless Ransomware", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4, Issue-3, April 2020, URL: https://www.ijtsrd.com/papers/ijtsrd30600.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/30600/comparative-study-of-fileless-ransomware/krishna-b-l
The document summarizes various cybersecurity incidents that occurred in July 2021. It reports on ransomware attacks against Fujifilm in Japan and UnitingCare Queensland in Australia. It also covers data breaches affecting Alibaba and CVS Health, exploitation of Cisco vulnerabilities, and new malware such as DarkRadiation ransomware targeting Linux and the return of the Agent Tesla RAT in COVID-19 vaccine phishing lures. The gaming, technology, healthcare and government sectors were most affected. Attack vectors included ransomware, data leaks, malware/trojans and exploitation of known vulnerabilities. Consequences involved encryption of systems and files, theft of personally identifiable information and system compromise.
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan... - Black Duck by Synopsys
This week's news is dominated by fall-out and reaction from last week's WannaCrypt/WannaCry attacks, of course, but other open source and cybersecurity stories you won't want to miss, including an important open source ruling that confirms the enforceability of dual licensing, what New York's new cybersecurity regulations mean for Financial Services, and the PATCH Act and the creation of a vulnerabilities equities process.
The document summarizes mobile threat data from January to June 2018. It finds that every customer saw mobile OS threats, MITM attacks increased over the last half of 2017, and one in three devices detected a mobile threat. Specific threats discussed include Meltdown and Spectre CPU vulnerabilities, vulnerabilities in Apple's Bluetooth daemon, the ZipperDown app vulnerability affecting 100 million iOS users, cryptojacking malware, and threats from unpatched vulnerabilities, malicious apps, and network attacks like MITM and rogue access points.
The document is an issue of (IN)SECURE Magazine discussing various topics related to information security. It includes articles on the NSA's efforts to subvert encryption and install backdoors, attacks against PHP applications, enabling large-scale quantum cryptography networks, and other topics. It also includes advertisements, a letter from the editor, and information on how to provide feedback or get in contact with the magazine. Overall, the document provides an overview of several current issues and developments in cybersecurity based on research and reporting from various sources.
Are the current computer crime laws sufficient or should the writing of virus... - UltraUploader
This document discusses whether current computer crime laws are sufficient to address the writing of virus code or if this activity should be prohibited. It begins with background on cybercrime and viruses, defining viruses, worms, and payloads. It describes how malware is released and the threats posed by viruses and worms. It outlines current US federal and state computer crime laws and their limitations in addressing virus writing. The document argues that directly prohibiting virus writing may be needed and examines how a new statute could address this and potential issues it may raise regarding free speech.
Mag-Securs No.29, 2011 - Validy: Learning from the Stuxnet Case - Neelabh Rai
Has everything been said on the Stuxnet worm? Not quite. Someday a "James Bond" or "Mission: Impossible" film might be based on this case. Should we stop here? Clearly not: such an attack raises numerous questions and must challenge certitudes. We might have to rethink our security paradigms.
Validy - A Paradigm Switch to Ensure Code Integrity.
During the Forum International de la Cybercriminalité, late March 2010, Mag Securs met with Validy. We already knew this company and had looked at their technology in 2005. Our discussions in May and June touched on the possibility of ensuring executable code integrity.
For more details, please visit: www.cybercops.in
The document contains summaries of several security news articles. The articles discuss issues like vulnerabilities in iPhone fingerprint authentication and signed Mac malware, flaws in Verizon femtocells allowing eavesdropping, a remote access tool targeting Android devices, and vulnerabilities in a Ukrainian bank's mobile app allowing account theft. The document also mentions several upcoming security events in India.
Modeling and Containment of Uniform Scanning Worms - IOSR Journals
This document presents a branching process model for characterizing the propagation of uniform scanning worms on the Internet. The model captures both the inter-host and intra-host spreading of worms. It then describes an automatic worm containment strategy that aims to contain uniform scanning worms by detecting infected machines through their scanning behaviour and deleting worm files. The model and containment strategy are validated through simulations. The document concludes by discussing the modeling of topology-aware worms and the design of containment mechanisms for them.
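The following is an added example, not the paper's own branching-process model: a discrete-time mean-field simulation of a uniform scanning worm, with and without a containment policy that quarantines an infected host a fixed number of ticks after it starts scanning. It also computes the offspring mean of the underlying branching process (expected secondary infections per host before quarantine), which is the quantity that decides whether the worm dies out early. The address space, vulnerable population, scan rate and quarantine delay are assumed values chosen so that the contrast is visible.

```python
def simulate_worm(vulnerable, addr_space, scan_rate, seeds=1, ticks=200,
                  quarantine_after=None):
    """Mean-field model of a uniform scanning worm (added example; parameters assumed).

    Each active infected host sends `scan_rate` probes per tick to uniformly random
    addresses out of `addr_space`, of which `vulnerable` are susceptible. With
    containment, a host stops scanning `quarantine_after` ticks (>= 1) after infection.
    Returns the total number of infected hosts after each tick.
    """
    cohorts = [float(seeds)]          # cohorts[k] = hosts first infected at tick k
    total = float(seeds)
    history = [total]
    for _ in range(ticks):
        if quarantine_after is None:
            active = total                             # nobody is ever stopped
        else:
            active = sum(cohorts[-quarantine_after:])  # only young infections still scan
        hit_prob = (vulnerable - total) / addr_space   # chance one probe finds a fresh victim
        new = min(active * scan_rate * hit_prob, vulnerable - total)
        cohorts.append(new)
        total += new
        history.append(total)
    return history


def reproduction_number(vulnerable, addr_space, scan_rate, quarantine_after):
    """Expected secondary infections one host causes before quarantine, at the start
    of the outbreak: the offspring mean of the branching process. Below 1 the worm
    dies out; above 1 it grows until it runs out of susceptible hosts."""
    return scan_rate * quarantine_after * vulnerable / addr_space


def ticks_to_reach(history, count):
    """First tick at which the infected population reaches `count`, or None."""
    for t, infected in enumerate(history):
        if infected >= count:
            return t
    return None


# Constructed scenario: 10,000 vulnerable hosts in a 2^20-address space,
# 50 probes per infected host per tick.
PARAMS = dict(vulnerable=10_000, addr_space=2 ** 20, scan_rate=50)

if __name__ == "__main__":
    free = simulate_worm(**PARAMS)
    contained = simulate_worm(**PARAMS, quarantine_after=2)
    print("no containment: %.0f infected, half the population by tick %s"
          % (free[-1], ticks_to_reach(free, 5_000)))
    print("quarantine after 2 ticks: %.1f infected in total" % contained[-1])
    for delay in (2, 5):
        print("R with quarantine delay %d: %.2f"
              % (delay, reproduction_number(quarantine_after=delay, **PARAMS)))
```

With these numbers a free-running worm saturates the vulnerable population within a few dozen ticks, while a quarantine delay of two ticks gives an offspring mean just under 1 and the outbreak fizzles out at roughly a dozen hosts. Lengthen the delay to five ticks and the mean exceeds 2, so the same detector is too slow: the containment budget is set by scan rate times detection latency, not by either alone.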
The document discusses the biggest cybersecurity threats of 2017, including ransomware, distributed denial of service (DDoS) attacks, the internet of things (IoT), and human/employee threats. Ransomware attacks grew significantly in recent years, with the WannaCry attack in 2017 infecting over 200,000 computers globally. DDoS attacks can overwhelm servers through hijacked devices in botnets, while the growing IoT introduces new vulnerabilities. Employees were responsible for the majority of data breaches, whether through malicious insiders, mistakes, or negligence. The costs of data breaches for companies are substantial.
The Stuxnet computer worm: harbinger of an emerging warfare capability - Yury Chemerkin
The document summarizes a Congressional Research Service report on the Stuxnet computer worm. It discusses how Stuxnet targeted Iranian nuclear facilities by infecting industrial control systems. It affected systems in several countries and demonstrated that cyber attacks could disrupt critical infrastructure. The report examines questions for Congress about national security, an international treaty on malicious software, and protecting critical infrastructure from cyber threats.
A massive computer worm called Stuxnet targeted Iran's nuclear facilities and spread globally. Stuxnet code samples have raised concerns it could be used to target other countries' critical infrastructure systems. The sophisticated Stuxnet code has reportedly been offered for sale on underground forums, potentially enabling cyber terrorists to adapt it for disruptive purposes. A major global cyber espionage operation dubbed "Operation Shady RAT" targeted over 70 organizations for years and is believed to have been masterminded by China to steal military, economic and diplomatic secrets.
For more details, please visit: www.cybercops.in
The document contains summaries of several security news articles. The articles discuss issues like vulnerabilities in iPhone fingerprint authentication and signed Mac malware, flaws in Verizon femtocells allowing eavesdropping, a remote access tool targeting Android devices, and vulnerabilities in a Ukrainian bank's mobile app allowing account theft. The document also mentions several upcoming security events in India.
Modeling and Containment of Uniform Scanning WormsIOSR Journals
This document presents a branching process model for characterizing the propagation of uniform scanning worms on the Internet. The model models both the inter-host and intra-host spreading of worms. It then describes an automatic worm containment strategy that aims to contain uniform scanning worms by detecting infected machines through scanning and deleting worm files. The model and containment strategy are validated through simulations. The document concludes by discussing modeling topology-aware worms and designing containment mechanisms for them.
The document discusses the biggest cybersecurity threats of 2017, including ransomware, distributed denial of service (DDoS) attacks, the internet of things (IoT), and human/employee threats. Ransomware attacks grew significantly in recent years, with the WannaCry attack in 2017 infecting over 200,000 computers globally. DDoS attacks can overwhelm servers through hijacked devices in botnets, while the growing IoT introduces new vulnerabilities. Employees were responsible for the majority of data breaches, whether through malicious insiders, mistakes, or negligence. The costs of data breaches for companies are substantial.
The stuxnet computer worm. harbinger of an emerging warfare capabilityYury Chemerkin
The document summarizes a Congressional Research Service report on the Stuxnet computer worm. It discusses how Stuxnet targeted Iranian nuclear facilities by infecting industrial control systems. It affected systems in several countries and demonstrated that cyber attacks could disrupt critical infrastructure. The report examines questions for Congress about national security, an international treaty on malicious software, and protecting critical infrastructure from cyber threats.
A massive computer worm called Stuxnet targeted Iran's nuclear facilities and spread globally. Stuxnet code samples have raised concerns it could be used to target other countries' critical infrastructure systems. The sophisticated Stuxnet code has reportedly been offered for sale on underground forums, potentially enabling cyber terrorists to adapt it for disruptive purposes. A major global cyber espionage operation dubbed "Operation Shady RAT" targeted over 70 organizations for years and is believed to have been masterminded by China to steal military, economic and diplomatic secrets.
Stuxnet was a sophisticated cyber attack targeting Iran's nuclear facilities that changed perceptions of threats to critical infrastructure systems like SCADA. It exploited vulnerabilities in both Windows and Siemens control software to sabotage centrifuges without detection for nearly a year. This highlighted that SCADA/ICS are vulnerable targets due to their use of outdated protocols and legacy systems not originally designed with security in mind. Common security issues with SCADA include lack of access controls, unpatched systems, integration with corporate networks, and human/contractor oversight. Best practices like the NERC standards and updates to protocols like DNP3 can help mitigate risks if properly implemented throughout the SCADA lifecycle.
The document summarizes new findings about the Stuxnet malware and its impact on Iran's nuclear program. Key points:
- Stuxnet was likely responsible for destroying around 1,000 centrifuges at Iran's Natanz enrichment facility in late 2009/early 2010, based on matching rotational frequencies and new evidence from IAEA reports.
- The attack delayed Iran's expected expansion plans for the plant and consumed a limited supply of replacement centrifuges. However, it did not stop Iran's nuclear program.
- Additional analysis of Stuxnet's code revealed an exact description of the IR-1 centrifuge cascade at Natanz, further indicating it was the target.
- Future cyberattacks against Iran
The document discusses the challenges of combating computer viruses given their ability to spread rapidly. It notes that a single virus writer can trigger a chain reaction that infects thousands of computers. Recent viruses like SoBig demonstrated this danger, with one version found in half of all emails scanned. While some blame careless users, the document argues users are overwhelmed by the complex tech landscape. It also discusses challenges faced by administrators and software companies in keeping systems fully protected given the difficulties of eliminating all vulnerabilities from hugely complex programs like Windows.
One of the key methods cybercriminals are using is ransomware, most famously the Cryptolocker malware,
and its numerous variants, which encrypts the files on a user’s computer and demands the user to pay a ransom, usually in Bitcoins, in order to receive the key to decrypt the files. But Cryptolocker is just one approach that criminals are taking to demand ransom, and the techniques are evolving on a daily basis. To guard against ransomware, it is not enough to know the malware that is making the rounds that day. It is vital to have a broader understanding of the topic, so one can take effective countermeasures against this evolving threat.
Firewalls have proved to be ineffective for cyber-security. Instead, a new category of security applications has emerged which learn from the criminal behavior of intruders and use data in combination with deception to trap hackers.
Peripheral Review and Analysis of Internet Network SecurityIJRES Journal
This paper is on the exploration of Internet Network security. With the advent of the internet, security became a major concern for computer users, organizations and the Military. The internet structure itself allow for many security threats to occur. Knowing the attack methods, the architecture of the internet when modified can reduce the possible attacks that can be sent across the network. The internet can be secured by the means of VPN, IPSec, Anti‐Malware Software and scanners, Secure Socket Layer, intrusion‐detection, security management, firewalls and cryptography mechanisms. The essence of this research is to forecast the future of internet network security.
A global cyber attack exploited hacking tools believed to belong to the NSA that were leaked online last month. The attack spread a ransomware virus affecting over 57,000 systems in 99 countries. Some argue the attack reflects flaws in the US prioritizing offensive cyber capabilities over defense. While Microsoft had provided patches, many systems had not updated their software leaving them vulnerable. There are concerns intelligence agencies hoard vulnerabilities rather than quickly reporting them to be addressed.
Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran's nuclear program. Wikipedia
Cyber
Web definitions
o Cyberwarfare has been defined by government security expert Richard A. Clarke, in his book Cyber War (May 2010), as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption." (Clarke, Richard A. ...)
o Using computers and the Internet to attack others via their computer
systems. Targets may include military computer networks, power grids,
banks, and government and media Web sites. Most often the goal is to
disrupt the functioning of the target system.
Published online 8 June 2011 | Nature 474, 142-145 (2011) | doi:10.1038/474142a
News Feature
Computer security: Is this the start of cyberwarfare?
Last year's Stuxnet virus attack represented a new kind of threat to critical infrastructure.
Sharon Weinberger
Just over a year ago, a computer in Iran started repeatedly rebooting itself,
seemingly without reason. Suspecting some kind of malicious software (malware),
analysts at VirusBlokAda, an antivirus-software company in Minsk, examined the
misbehaving machine over the Internet, and soon found that they were right.
Disturbingly so: the code they extracted from the Iranian machine proved to be a
previously unknown computer virus of unprecedented size and complexity.
On 17 June 2010, VirusBlokAda issued a worldwide alert that set off an
international race to track down what came to be known as Stuxnet: the most
sophisticated computer malware yet found and the harbinger of a new generation
of cyberthreats. Unlike conventional malware, which does its damage only in the
virtual world of computers and networks, Stuxnet would turn out to target the
software that controls pumps, valves, generators and other industrial machines.
"It was the first time we'd analysed a threat that could cause real-world damage,
that could actually cause some machine to break, that might be able to cause an
explosion," says Liam O Murchu, chief of security response for the world's largest
computer-security firm, Symantec in Mountain View, California.
Stuxnet provided chilling proof that groups or nations could launch a cyberattack
against a society's vital infrastructures for water and energy. "We are probably just
now entering the era of the cyber arms race," says Mikko Hypponen, chief research
officer for F-Secure, an antivirus company based in Helsinki.
Worse yet, the Stuxnet episode has highlighted just how inadequate are society's
current defences — and how glaring is the gap in cybersecurity science.
Computer-security firms are competitive in the marketplace, but they generally
respond to a threat such as Stuxnet with close collaboration behind the scenes.
Soon after VirusBlokAda's alert, for example, Kaspersky Lab in Moscow was working
with Microsoft in Redmond, Washington, to hunt down the vulnerabilities that the
virus was exploiting in the Windows operating system. (It was Microsoft that coined
the name Stuxnet, after one of the files hidden in its code. Technically, Stuxnet was
a 'worm', a type of malware that can operate on its own without needing another
program to infect. But even experts often call it a 'virus', which has become the
generic term for self-replicating malware.)
One of the most ambitious and comprehensive responses was led by Symantec,
which kept O Murchu and his worldwide team of experts working on Stuxnet around
the clock for three months. One major centre of operations was Symantec's
malware lab in Culver City, California, which operates like the digital equivalent of a
top-level biological containment facility. A sign on the door warns visitors to leave
computers, USB flash drives and smart phones outside: any electronic device that
passes through that door, even by mistake, will stay there. Inside the lab, the team
began by dropping Stuxnet into a simulated networking environment so that they
could safely watch what it did. The sheer size of the virus was staggering: some
15,000 lines of code, representing an estimated 10,000 person hours in software
development. Compared with any other virus ever seen, says O Murchu, "it's a
huge amount of code".
Equally striking was the sophistication of that code. Stuxnet took advantage of two
digital certificates of authenticity stolen from respected companies, and exploited
four different 'zero day vulnerabilities' — previously unidentified security holes in
Windows that were wide open for hackers to use.
Then there was the virus's behaviour. "Very quickly we realized that it was doing
something very unusual," recalls O Murchu. Most notably, Stuxnet was trying to
talk to the programmable logic controllers (PLCs) that are used to direct industrial
machinery. Stuxnet was very selective, however: although the virus could spread to
almost any machine running Windows, the crucial parts of its executable code
would become active only if that machine was also running Siemens Step7, the
software used to program Siemens PLCs, which sits alongside the supervisory
control and data acquisition (SCADA) systems used to manage industrial processes.
Many industrial control systems are never connected to the Internet, precisely to
protect them from malware and hostile takeover. That led to another aspect of
Stuxnet's sophistication. Like most other malware, it could spread over a network.
But it could also covertly install itself on a USB drive. So all it would take was one
operator unknowingly plugging an infected memory stick into a control-system
computer, and the virus could explode into action (see 'How a virus can cripple a
nation').
Murky motives
It still wasn't clear what Stuxnet was supposed to do to the Siemens software. The
Symantec team got a clue when it realized that the virus was gathering information
about the host computers it had infected, and sending the data back to servers in
Malaysia and Denmark — presumably to give the unknown perpetrators a way to
update the Stuxnet virus covertly. Identifying the command and control servers
didn't allow Symantec to identify the perpetrators, but they were able to convince
the Internet service providers to cut off the perpetrators' access, rerouting the
traffic from the infected computers back to Symantec so that they could eavesdrop.
By watching where the traffic to the servers was coming from, O Murchu says, "we
were able to see that the majority of infections were in Iran" — at least 60% of
them. In fact, the infections seemed to have been appearing there in waves since
2009.
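The counting step described above, as an added example that is not from the article or from Symantec: a short Python script that parses sinkholed beacon requests, counts each infected host once by source address and attributes it to a country. The log lines, the beacon path and the prefix-to-country table are constructed for the example and do not reproduce Stuxnet's real command-and-control protocol.

```python
"""Aggregate sinkholed beacon traffic by country to see where infections cluster."""
import datetime as dt
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sinkhole access-log lines (common log format).  The beacon path
# and query string are placeholders, not the real Stuxnet protocol.
SINKHOLE_LOG = """\
10.10.1.5 - - [01/Sep/2010:09:12:01 +0000] "GET /index.php?data=0a1f HTTP/1.1" 200 12
10.10.1.5 - - [01/Sep/2010:09:42:01 +0000] "GET /index.php?data=0a1f HTTP/1.1" 200 12
10.10.2.9 - - [01/Sep/2010:10:03:44 +0000] "GET /index.php?data=77c2 HTTP/1.1" 200 12
10.20.0.7 - - [01/Sep/2010:10:05:10 +0000] "GET /index.php?data=b0b0 HTTP/1.1" 200 12
10.30.4.4 - - [01/Sep/2010:11:00:00 +0000] "GET /index.php?data=c3c3 HTTP/1.1" 200 12
10.10.7.7 - - [01/Sep/2010:11:30:00 +0000] "GET /index.php?data=dd01 HTTP/1.1" 200 12
10.20.0.7 - - [01/Sep/2010:12:00:00 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""

# Constructed prefix-to-country table standing in for a GeoIP database.
GEO_TABLE = [
    (ip_network("10.10.0.0/16"), "IR"),
    (ip_network("10.20.0.0/16"), "ID"),
    (ip_network("10.30.0.0/16"), "IN"),
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)


def country_for(ip_text):
    """Longest-prefix style lookup against the constructed table."""
    ip = ip_address(ip_text)
    for net, cc in GEO_TABLE:
        if ip in net:
            return cc
    return "??"


def parse_beacons(log_text, beacon_path="/index.php"):
    """Yield (timestamp, source ip) for every request that looks like a beacon."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith(beacon_path):
            continue
        ts = dt.datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m.group("ip")


def infections_by_country(log_text):
    """Count distinct beaconing hosts per country; repeat beacons count once."""
    hosts = {ip for _, ip in parse_beacons(log_text)}
    return Counter(country_for(ip) for ip in hosts)


def dominant_country(counts):
    """Return (country, share of all infected hosts) for the largest country."""
    total = sum(counts.values())
    cc, n = counts.most_common(1)[0]
    return cc, n / total


if __name__ == "__main__":
    by_cc = infections_by_country(SINKHOLE_LOG)
    print(dict(by_cc))            # {'IR': 3, 'ID': 1, 'IN': 1}
    print(dominant_country(by_cc))  # ('IR', 0.6)
```

Two caveats apply to any count of this kind: a source address is an egress point, not a machine, so many hosts behind one NAT or proxy collapse into one entry and a single host on a changing address becomes several; and the geolocation says where the address is announced, which can differ from where the infected plant sits.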
The obvious inference was that the virus had deliberately been directed against
Iran, for reasons as yet unknown. But the Symantec investigators couldn't go much
further by themselves. They were extremely knowledgeable about computers and
networking, but like most malware-protection teams, they had little or no expertise
in PLCs or SCADA systems. "At some point in their analysis they just couldn't make
any more sense out of what the purpose of this thing was, because they were not
able to experiment with the virus in such a lab environment," says Ralph Langner, a
control-system security consultant in Hamburg, Germany.
Langner independently took it upon himself to fill that gap. Over the summer, he
and his team began running Stuxnet in a lab environment equipped with Siemens
software and industrial control systems, and watching how the virus interacted with
PLCs. "We began to see very strange and funny results immediately, and I mean by
that within the first day of our lab experiment," he says.
Those PLC results allowed Langner to infer that Stuxnet was a directed attack,
seeking out specific software and hardware. In mid-September 2010, he announced
on his blog that the evidence supported the suspicion that Stuxnet had been
deliberately directed against Iran. The most likely target, he then believed, was the
Bushehr nuclear power plant.
Industrial sabotage
Speculative though Langner's statements were, the news media quickly picked up
on them and spread the word of a targeted cyberweapon. Over the next few
months, however, as Langner and others continued to work with the code, the
evidence began to point away from Bushehr and towards a uranium-enrichment
facility in Natanz, where thousands of centrifuges were separating the rare but
fissionable isotope uranium-235 from the heavier uranium-238. Many Western
nations believe that this enrichment effort, which ostensibly provides fuel for
nuclear power stations, is actually aimed at producing a nuclear weapon. The
malware code, according to Langner and others, was designed to alter the speed of
the delicate centrifuges, essentially causing the machines to spin out of control and
break.
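A monitor built on the lesson of that attack, as an added example that is not from the article or from any of the investigators it names: once the controller itself is compromised, its own report of centrifuge speed cannot be trusted, so the check compares the frequency commanded to the drive against an operating envelope and against a sensor that does not pass through the PLC. The envelope, the sample values and the tampered sequence are constructed for the example and are not taken from the page.

```python
"""Flag drive commands that leave the operating envelope or disagree with an
independent speed sensor, even when the controller keeps reporting 'normal'."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: int               # seconds since start of the run
    setpoint_hz: float   # frequency the PLC commands to the drive
    hmi_hz: float        # speed the PLC reports to the operator screen
    sensor_hz: float     # speed from a sensor wired independently of the PLC


@dataclass(frozen=True)
class Envelope:
    min_hz: float
    max_hz: float
    max_step_hz: float   # largest allowed change between consecutive samples
    tolerance_hz: float  # allowed gap between reported and independent speed


def check_stream(samples, env):
    """Return a list of (t, reason) alerts; empty when the run looks normal."""
    alerts = []
    prev = None
    for s in samples:
        if not env.min_hz <= s.setpoint_hz <= env.max_hz:
            alerts.append((s.t, "setpoint outside envelope"))
        if prev is not None and abs(s.setpoint_hz - prev.setpoint_hz) > env.max_step_hz:
            alerts.append((s.t, "setpoint step too large"))
        # The operator screen only sees hmi_hz; the independent sensor is the
        # one value the compromised controller cannot rewrite.
        if abs(s.hmi_hz - s.sensor_hz) > env.tolerance_hz:
            alerts.append((s.t, "reported speed disagrees with independent sensor"))
        prev = s
    return alerts


# Constructed envelope for a drive that normally runs near 1064 Hz.
ENV = Envelope(min_hz=800.0, max_hz=1200.0, max_step_hz=50.0, tolerance_hz=20.0)

# Constructed normal run: small jitter, reported and measured speeds agree.
NORMAL_RUN = [
    Sample(t, 1064.0, 1064.0 + d, 1064.0 + d)
    for t, d in enumerate([0.0, 1.0, -1.0, 2.0, 0.0])
]

# Constructed tampered run: the command is driven far above and then far below
# normal while the controller keeps telling the operator screen 1064 Hz.
TAMPERED_RUN = [
    Sample(0, 1064.0, 1064.0, 1064.0),
    Sample(1, 1064.0, 1064.0, 1064.0),
    Sample(2, 1410.0, 1064.0, 1405.0),
    Sample(3, 1410.0, 1064.0, 1410.0),
    Sample(4, 2.0, 1064.0, 30.0),
]


if __name__ == "__main__":
    print(check_stream(NORMAL_RUN, ENV))    # []
    for alert in check_stream(TAMPERED_RUN, ENV):
        print(alert)
```

The envelope and step checks catch the manipulation on their own here, but they read the setpoint from the same controller that was subverted; a determined attacker who also rewrites what the PLC logs would defeat them. The sensor comparison is the check that survives that, which is why it needs a measurement path the controller does not own.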
That interpretation is given credence by reports from the International Atomic
Energy Agency (IAEA) in Vienna, which document a precipitous drop in the number
of operating centrifuges in 2009, the year that many observers think Stuxnet first
infected computers in Iran.
True, the evidence is circumstantial at best. "We don't know what those machines
were doing" when they weren't in operation, cautions Ivanka Barszashka, a
Bulgarian physicist who studied Iranian centrifuge performance while she was
working with the Federation of American Scientists in Washington DC. "We don't
know if they were actually broken or if they were just sitting there." Moreover, the
Iranian government has officially denied that Stuxnet destroyed large numbers of
centrifuges at Natanz, although it does acknowledge that the infection is
widespread in the country. And IAEA inspection reports from late 2010 make it
clear that any damage was at most a temporary setback: Iran's enrichment
capacity is higher than ever.
However, if Natanz was the target, that does suggest an answer to the mystery of
who created Stuxnet, and why. Given the knowledge required — including expertise
in malware, industrial security and the specific types and configurations of the
industrial equipment being targeted — most Stuxnet investigators concluded early
on that the perpetrators were backed by a government.
Governments have tried to sabotage foreign nuclear programmes before, says Olli
Heinonen, a senior fellow at the Belfer Center for Science and International Affairs
at Harvard University in Cambridge, Massachusetts, and former deputy director-
general of the IAEA. In the 1980s and 1990s, for example, Western governments
orchestrated a campaign to inject faulty parts into the network that Pakistan used
to supply nuclear technology to countries such as Iran and North Korea.
Intelligence agencies, including the US Central Intelligence Agency, have also made
other attempts to sell flawed nuclear designs to would-be proliferators. "Stuxnet,"
says Heinonen, "is another way to do the same thing."
Langner argues that the government behind Stuxnet is that of the United States,
which has both the required expertise in cyberwarfare and a long-standing goal of
thwarting Iran's nuclear ambitions. Throughout the summer of 2010, while
Langner, Symantec and all the other investigators were vigorously trading ideas
and information about Stuxnet, the US Department of Homeland Security
maintained a puzzling silence, even though it operates Computer Emergency
Readiness Teams (CERTs) created specifically to address cyberthreats. True, the
CERT at the Idaho National Laboratory outside Idaho Falls, which operates one of
the world's most sophisticated testbeds for industrial control systems, did issue a
series of alerts. But the first, on 20 July 2010, came more than a month after the
initial warning from Belarus and contained nothing new. Later alerts followed the
same pattern: too little, too late. "A delayed clipping service," said Dale Peterson,
founder of Digital Bond, a SCADA security firm in Sunrise, Florida, on his blog.
"There is no way that they could have missed this problem, or that this is all a
misunderstanding. That's just not possible," says Langner, who believes that the
Idaho lab's anaemic response was deliberate, intended to cover up the fact that
Stuxnet had been created there.
But even Langner has to admit that the evidence against the United States is purely
circumstantial. (The US government itself will neither confirm nor deny the
allegation, as is its practice for any discussion of covert activity.) And the evidence
against the other frequently mentioned suspect, Israel, is even more so. Symantec,
for example, points out that a name embedded in Stuxnet's code, Myrtus, could be
a reference to a biblical story about a planned massacre of Jews in Persia. But other
investigators say that such claims are beyond tenuous. "There are no facts" about
Israel, declares Jeffrey Carr, founder and chief executive of Taia Global, a
cybersecurity consulting company in Tysons Corner, Virginia.
The Aftermath
The 'who?' may never be discovered. Active investigation of Stuxnet effectively
came to an end in February 2011, when Symantec posted a final update to its
definitive report on the virus, including key details about its execution, lines of
attack and spread over time. Microsoft had long since patched the security holes
that Stuxnet exploited, and all the antivirus companies had updated their
customers' digital immune systems with the ability to recognize and shut down
Stuxnet on sight. New infections are now rare — although they do still occur, and it
will take years before all the computers with access to Siemens controllers are
patched.
If Stuxnet itself has ceased to be a serious threat, however, cybersecurity experts
continue to worry about the larger vulnerabilities that it exposed. Stuxnet
essentially laid out a blueprint for future attackers to learn from and perhaps
improve, say many of the investigators who have studied it. "In a way, you did
open the Pandora's box by launching this attack," says Langner of his suspicions
about the United States. "And it might turn back to you guys eventually."
Cybersecurity experts are ill-prepared for the threat, in part because they lack ties
to the people who understand industrial control systems. "We've got actually two
very different worlds that traditionally have not communicated all that much," says
Eric Byres, co-founder and chief technology officer of Tofino Industrial Security in
Lantzville, Canada. He applauds Symantec, Langner and others for reaching across
that divide. But the effort required to make those connections substantially delayed
the investigation.
The divide extends into university computer-science departments, says Byres,
himself an ex-academic. Researchers tend to look at industrial-control security as a
technical problem, rather than an issue requiring serious scientific attention, he
says. So when graduate students express interest in looking at, say, cryptography
and industrial controls, they are told that the subject is not mathematically
challenging enough for a dissertation project.
"I'm not aware of any academic researchers who have invested significantly in the
study of Stuxnet," agrees Andrew Ginter, director of industrial security for the
North American group of Waterfall Security Solutions, based in Tel Aviv, Israel.
Almost the only researchers doing that kind of work are in industrial or government
settings — among them a team at the Idaho National Laboratory working on a
next-generation system called Sophia, which tries to protect industrial control
systems against Stuxnet-like threats by detecting anomalies in the network.
One barrier for academics working on cybersecurity is access to the malware that
they must protect against. That was not such a problem for Stuxnet itself, because
its code was posted on the web shortly after it was first identified. But in general,
the careful safeguards that Symantec and other companies put in place in secure
labs to prevent the escape of malware may also inadvertently be a barrier for
researchers who need to study it. "If you're doing research into biological
agents, it's limited groups that have them and they are largely unwilling to share;
the same holds true for malware," says Anup Ghosh, chief scientist at the Center
for Secure Information Systems at George Mason University in Fairfax, Virginia. "To
advance the field, researchers need access to good data sets," says Ghosh, who
was once a programme manager at the US Defense Advanced Research Projects
Agency, and is now working on a malware detector designed to identify viruses on
the basis of how they behave, rather than on specific patterns in their code, known
as signatures.
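Ghosh's distinction between behaviour and signatures, as an added example that is neither his code nor the article's: a one-byte change to a sample defeats both a hash and a byte-pattern signature, while a rule over what a process does (started from removable media, writes into the drivers directory, connects out) still fires and leaves a legitimate engineering-tool process alone. The samples, the event trace, the drive letters and the rule names are all constructed for the example.

```python
"""Byte-signature matching versus behaviour rules over a host event trace."""
import hashlib
from collections import defaultdict

# --- Signature-based detection ---------------------------------------------
# Constructed "samples": SAMPLE_B is SAMPLE_A with its last byte changed.
SAMPLE_A = b"MZ\x90\x00" + b"\x00" * 60 + b"DROPPER_PAYLOAD_V1"
SAMPLE_B = SAMPLE_A[:-1] + b"2"

KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE_A).hexdigest()}
KNOWN_BAD_SUBSTRINGS = [b"DROPPER_PAYLOAD_V1"]


def signature_hit(blob):
    """True if the bytes match a known hash or a known byte pattern."""
    if hashlib.sha256(blob).hexdigest() in KNOWN_BAD_HASHES:
        return True
    return any(pattern in blob for pattern in KNOWN_BAD_SUBSTRINGS)


# --- Behaviour-based detection ---------------------------------------------
# Constructed event trace: (pid, action, target).  pid 200 is a process that
# started from a USB drive; pid 300 is a legitimate engineering tool.
EVENTS = [
    (100, "proc_start",  r"C:\Windows\explorer.exe"),
    (200, "proc_start",  r"E:\update_helper.exe"),
    (200, "file_write",  r"E:\shortcut.lnk"),
    (200, "file_write",  r"C:\Windows\System32\drivers\drv_x.sys"),
    (200, "load_dll",    r"C:\Program Files\Vendor\Engineering\plc_driver.dll"),
    (200, "net_connect", "203.0.113.10:80"),
    (300, "proc_start",  r"C:\Program Files\Vendor\Engineering\engtool.exe"),
    (300, "load_dll",    r"C:\Program Files\Vendor\Engineering\plc_driver.dll"),
    (300, "file_write",  r"C:\Projects\line1.prj"),
]

# Constructed: drive letters that map to removable media on this host.
REMOVABLE_DRIVES = ("e:", "f:")


def is_removable(path):
    return path.lower().startswith(REMOVABLE_DRIVES)


def behaviour_hits(events):
    """Map pid -> list of behaviour rules that fired for that process."""
    by_pid = defaultdict(list)
    for pid, action, target in events:
        by_pid[pid].append((action, target))

    hits = {}
    for pid, evs in by_pid.items():
        from_removable = any(a == "proc_start" and is_removable(t) for a, t in evs)
        if not from_removable:
            continue  # every rule below is conditioned on the launch location
        fired = []
        if any(a == "file_write" and "\\drivers\\" in t.lower() for a, t in evs):
            fired.append("removable_exec_writes_driver")
        if any(a == "net_connect" for a, _ in evs):
            fired.append("removable_exec_beacons")
        if fired:
            hits[pid] = fired
    return hits


if __name__ == "__main__":
    print(signature_hit(SAMPLE_A), signature_hit(SAMPLE_B))  # True False
    print(behaviour_hits(EVENTS))  # {200: [...two rules...]}
```

The behaviour rules cost more to evaluate and need a sensor that records process, file and network events, which is what the research Ghosh describes is about; the trade is that the attacker must change what the code does, not merely how it looks, to evade them.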
Academic researchers are also inhibited by a certain squeamishness about digital
weaponry, according to Herb Lin, chief scientist at the Computer Science and
Telecommunications Board of the US National Research Council in Washington DC.
He points out that to understand how to guard against cyberattacks, it may help to
know how to commit them. Yet teaching graduate students to write malware is
"very controversial", he says. "People say, 'What do you mean: you're training
hackers?'"
Preparing for the next attack
A study last year by the JASON group, which advises the US government on science
and technology matters, including defence, found broad challenges for
cybersecurity (JASON Science of Cyber-Security; MITRE Corporation, 2010).
Perhaps most important was its conclusion that the field was "underdeveloped in
reporting experimental results, and consequently in the ability to use them".
Roy Maxion, a computer scientist at Carnegie Mellon University in Pittsburgh,
Pennsylvania, who briefed JASON, goes further, saying that cybersecurity suffers
from a lack of scientific rigour. Medical professionals over the past 200 years
transformed themselves from purveyors of leeches to modern scientists with the
advent of evidence-based medicine, he notes. "In computer science and in
computer security in particular, that train is nowhere in sight."
Computer science has developed largely as a collection of what Maxion calls "clever
parlour tricks". For example, at one conference, the leading paper showed how
researchers could read computer screens by looking at the reflections off windows
and other objects. "From a practical point of view, anyone in a classified meeting
would go, 'pooh'," he says. "In places where they don't want you to know [what's
on the computer screen], there are no windows. Yet, that was the buzz that year."
Maxion sees an urgent need for computer-science and security curricula to include
courses in traditional research methods, such as experimental design and statistics
— none of which is currently required. "Why does it matter?" he asks. "Because we
don't have a scientific basis for investigating phenomena like Stuxnet, or the kind of
defences that would be effective against it."
Also troubling for many of the Stuxnet investigators was the US government's
lacklustre response to the virus (assuming that it was not the perpetrator). Stuxnet
represents a new generation of cyberweapon that could be turned against US
targets, but there is no evidence that the government is making the obvious
preparations for such an attack — for example, plans for a coordinated response
that pools resources from academia, research institutes and private business.
Other countries seem to be taking the threat more seriously. Some of China's
universities and vocational colleges have reportedly forged strong connections with
the military to work on cybersecurity, for example. And Israel also seems to be
exploiting its computing expertise for national security. A few months before the
discovery of Stuxnet, Yuval Elovici, a computer scientist and director of Deutsche
Telekom Laboratories at Ben-Gurion University of the Negev in Beersheba, Israel,
told Nature that he was working closely with the country's Ministry of Defense on
cybersecurity. He presciently warned that the next wave of cyberattacks would be
aimed at physical infrastructures. "What would happen if there were a code
injection into SCADA? What if someone would activate it suddenly?" Elovici asked.
He and other experts have been warning for several years now that such an attack
on SCADA systems controlling the electricity grid could spark nationwide blackouts,
or that the safety systems of power plants could be overridden, causing a shutdown
or a serious accident. Similar disruptions could hit water and sewage systems, or
even food processing plants.
Such attacks, Elovici warned, are both realistic and underestimated. Asked how bad
one would be, Elovici was unequivocal. "I think," he said, "it would be much
stronger than the impact of setting several atomic bombs on major cities."
See Editorial page 127
Sharon Weinberger is an Alicia Patterson Foundation fellow based in Washington DC.
What is Cyberwarfare?
Cyberwarfare is among the most advanced forms of weaponry in the sense that it
can inflict serious harm on whoever it is aimed at. Cyberspace is sometimes referred
to as the fifth domain of warfare, alongside land, sea, air and space.
The term cyberwarfare usually denotes politically motivated hacking carried out for
espionage or sabotage. Such attacks are large in scale and digitally coordinated,
mounted by a government or a group of citizens against another state.
Cyberwarfare is a form of information warfare with parallels to conventional
warfare, but the comparison is contested, because the two differ in the precision of
their attacks and in the political motivation behind them.
Experience of its use indicates that cyberwarfare is subject to few restrictions, and
that most stated objectives are achieved with this kind of wide-ranging assault.
Security specialists have recorded several categories of cyberwarfare attack:
sabotage, attacks on the electrical power grid, vandalism, and information
gathering.
According to experts, both defensive and offensive hacking may be politically
driven. The protective methods, however, closely resemble those of ordinary
computer security.
Cyberwarfare is waged with tools known as cyber weapons. These are simply
programs built for a defined purpose: either to provide strong defence or to launch
an assault. A wide array of such weapons circulates freely on the internet; the more
sophisticated and up-to-date ones, however, are kept private by those authorized
to use them.
Hackers and other individuals trained in software programming and in exploiting the intricacies of computer
networks are the primary executors of these attacks. They often operate under the auspices, and possibly
with the support, of nation-state actors.
Talking to DNA, security expert Niranjan Reddy, founder and chief technology officer of NetConclave
Systems and a member of Indian Cyber Police, said, “Bullets are being replaced with bytes.”
“Cyberspace is the new warfront. As August 15 was approaching, Pakistani hacker attacked Indian sites,”
he added.
Reddy said that underground hacking groups had carried out systematic attacks on 100 sites, especially
government ones in the past.
Cyberspace, according to Reddy, is now the new battle ground for Kashmir as hackers are finding new
means to demand emancipation of Kashmir by attacking various websites. These kinds of attacks can
disable official websites and networks, disrupt or disable essential services, steal or alter classified data
and cripple financial systems among many other possibilities.
Rohit Srivastwa, expert on cyber security, told DNA, "The use of technology is used in spreading wrong
messages. Earlier, people communicated inflammatory sentiments through emails and telephones. Now,
the modus operandi has changed."
“They are circulating video clips which can move rapidly and create panic among the people at large. This
cannot be ceased by the government by just banning bulk SMSes or MMSes. Efforts should be taken to
thwart such processes from the beginning,” he added.
Deepak Shikarpur, chairman of the IT Committee of Mahratta Chamber of Commerce Industries and
Agriculture, said, “Yes, it is the initial stage of cyber warfare and the issue is not just limited to Pune. It is a
threat to the entire country.
“A decade ago, the national conference of Indian Science Congress took place in Pune. It was a big
event as the prime minister and other dignitaries were part of it. Just before the event, its website was
hacked and it took two days to restore the entire thing. Problem does not lie with technology alone. It's
the intention of those trying to misuse it,” he said.
“Our Information Technology Act is very strong, but we need to have a fast track court so that the
conviction rate in such kind of cases increases,” he added.
“We cannot link the current issues with cyber warfare as they are more technical. However, whatever has
taken place recently is a new way of utilising the social media. Earlier, brainwashing was done verbally.
Now, people are playing with the technology,” an officer of the cyber cell said.
Despite the concern, many still do not realise the effects this seemingly impending
battle could have.
Most of our infrastructures rely on computer technology to function properly - from
railways to electricity companies and national defence systems - so failure or
malicious attacks on them matters more than just not being able to read an e-mail.