atif zaidi, profile picture
Uploaded byatif zaidi
PPTX, PDF508 views

Stuxnet

The document discusses the Stuxnet computer worm that targeted Iran's nuclear facilities. It describes how Stuxnet infected industrial sites in Iran starting in 2009, including a uranium enrichment plant. It spread through computer networks and used several zero-day exploits to infect systems and remain undetected. Stuxnet is believed to have been created by the United States and Israel to sabotage Iran's nuclear program.

Embed presentation

Downloaded 29 times
Your computer is not handled by you. You have loss your data. You do not know what your computer do.
Presentation By : Atif Hasnain Zaidi
 Basically Stuxnet is a Computer worm.  It is discovered in June 2010.  It is believed that STUXNET created by the United States and Israel to attack Iran's nuclear facilities.  Roel Schouwenberg spends his days (and many nights) to creating the STUXNET.
 A 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant.  A computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network.  This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases.
 2009 June: Earliest Stuxnet seen ◦ Does not use MS10-046 ◦ Does not have signed drivers  2010 Jan: Stuxnet driver signed ◦ With a valid certificate belonging to Realtek Semiconductors  2010 June: Virusblokada reports W32.Stuxnet ◦ Stuxnet use MS10-46 ◦ Verisign revokes Realtek certificate  2010 July: Eset identify new Stuxnet driver ◦ With a valid certificate belonging to JMicron Technology Corp  2010 July: Siemens report they are investigating malware SCADA systems ◦ Verisign revokes JMicron certificate
 2010 Aug: Microsoft issues MS10-046 ◦ Patches windows shell shortcut vulnerability  2010 Sept: Microsoft issues MS10-061 ◦ Patches Printer Spooler Vulnerability  2010 Sept: Iran nuclear plant hit by delay ◦ Warm weather blamed ◦ Measured temperatures were at historical averages  2010 Oct: Iran arrest “spies” ◦ Spies who attempted to sabotage the country's nuclear programme ◦ Russian nuclear nuclear experts flee Iran
 Organization ◦ Stuxnet consists of a large .dll file ◦ 32 Exports (Function goals) ◦ 15 Resources (Function methods)  Stuxnet calls LoadLibrary ◦ With a specially crafted file name that does not exist ◦ Which causes LoadLibrary to fail.  However, W32.Stuxnet has hooked Ntdll.dll ◦ To monitor for requests to load specially crafted file names. ◦ These specially crafted filenames are mapped to another location instead ◦ A location specified by W32.Stuxnet. ◦ Where a .dll file has been decrypted and stored by the Stuxnet previously.
 Stuxnet collects and store the following information: ◦ Major OS Version and Minor OS Version ◦ Flags used by Stuxnet ◦ Flag specifying if the computer is part of a workgroup or domain ◦ Time of infection ◦ IP address of the compromised computer ◦ file name of infected project file  Win 2K  WinXP  Windows 200  Vista  Windows Server 2008  Windows 7  Windows Server 2008 R2
 Iran ◦ Iran blames Stuxnet worm on Western plot (Ministry of Foreign Affairs) ◦ "Western states are trying to stop Iran's (nuclear) activities by embarking on psychological warfare and aggrandizing, but Iran would by no means give up its rights by such measures,“ ◦ "Nothing would cause a delay in Iran's nuclear activities“ ◦ "enemy spy services" were responsible for Stuxnet (Minister of intelligence)
 Israel (DEBKA file) ◦ An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm ◦ Not only have their own attempts to defeat the invading worm failed, but they made matters worse:  The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack. ◦ One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because it hits back with a bigger punch.“ ◦ These statements were copied verbatim by mayor
 India 8.31%  Azerbaijan 2.57%  United States 1.56%  Pakistan 1.28%  Others 9.2%  Iran 60%  Indonesia 18.22%
 Stuxnet represents the first of many milestones in malicious code history ◦ It is the first to exploit multiple 0-day vulnerabilities, ◦ Compromise two digital certificates, ◦ And inject code into industrial control systems ◦ and hide the code from the operator.  Stuxnet is of such great complexity ◦ Requiring significant resources to develop ◦ That few attackers will be capable of producing a similar threat  Stuxnet has highlighted direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.
Stuxnet
Stuxnet

More Related Content

PDF
Stuxnet
byShishir Aryal
 
PPSX
Stuxnet - More then a virus.
byHardeep Bhurji
 
PPTX
Stuxnets
byAlek Kwek
 
PPT
Stuxnet flame
bySantosh Khadsare
 
PDF
Stuxnet, a malicious computer worm
bySumaiya Ismail
 
PPTX
The Stuxnet Virus FINAL
byNicholas Poole
 
PPT
Stuxnet - Case Study
byAmr Thabet
 
PDF
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
byINSIGHT FORENSIC
 
Stuxnet
byShishir Aryal
 
Stuxnet - More then a virus.
byHardeep Bhurji
 
Stuxnets
byAlek Kwek
 
Stuxnet flame
bySantosh Khadsare
 
Stuxnet, a malicious computer worm
bySumaiya Ismail
 
The Stuxnet Virus FINAL
byNicholas Poole
 
Stuxnet - Case Study
byAmr Thabet
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
byINSIGHT FORENSIC
 

What's hot

PDF
Introduction of hacking and cracking
byHarshil Barot
 
PPT
I Heart Stuxnet
byGil Megidish
 
PDF
Malware
byNikola Milosevic
 
PPTX
Introduction to Malware Detection and Reverse Engineering
byintertelinvestigations
 
PDF
勒索軟體態勢與應措
byjack51706
 
PPT
Guerilla warfare by means of netwarfare [2001]
byMikko Hypponen
 
PPTX
Securing The Computer From Viruses ...
byRahman_Hussain
 
PPTX
Honeypot a trap to hackers
byBhaskarasai Chitturi
 
PPTX
Computer virus 2
byNishant Reshwal
 
PDF
The stuxnet computer worm. harbinger of an emerging warfare capability
byYury Chemerkin
 
PDF
Stuxnet update 15_feb2011
byAngelaHoltby
 
PDF
Malware freak show
bysr1nu
 
KEY
Post Apocalyptic Cyber Realism
byRichard Stiennon
 
PDF
Review on Honeypot Security
byIRJET Journal
 
PPT
Leone ct#2 presentation rev
byvincentleone
 
PPTX
NULL Mumbai NewsBytes
byVirajThakkar4
 
PDF
News bytes null 200314121904
byn|u - The Open Security Community
 
PDF
2011-A_Novel_Approach_to_Troubleshoot_Security_Attacks_in_Local_Area_Networks...
byMrunalini Koritala
 
PDF
Cyber security regulation strictly regulated by nrc feb 2013
byYury Chemerkin
 
PDF
Free Libre Open Source Software Development
byFrederik Questier
 
Introduction of hacking and cracking
byHarshil Barot
 
I Heart Stuxnet
byGil Megidish
 
Malware
byNikola Milosevic
 
Introduction to Malware Detection and Reverse Engineering
byintertelinvestigations
 
勒索軟體態勢與應措
byjack51706
 
Guerilla warfare by means of netwarfare [2001]
byMikko Hypponen
 
Securing The Computer From Viruses ...
byRahman_Hussain
 
Honeypot a trap to hackers
byBhaskarasai Chitturi
 
Computer virus 2
byNishant Reshwal
 
The stuxnet computer worm. harbinger of an emerging warfare capability
byYury Chemerkin
 
Stuxnet update 15_feb2011
byAngelaHoltby
 
Malware freak show
bysr1nu
 
Post Apocalyptic Cyber Realism
byRichard Stiennon
 
Review on Honeypot Security
byIRJET Journal
 
Leone ct#2 presentation rev
byvincentleone
 
NULL Mumbai NewsBytes
byVirajThakkar4
 
News bytes null 200314121904
byn|u - The Open Security Community
 
2011-A_Novel_Approach_to_Troubleshoot_Security_Attacks_in_Local_Area_Networks...
byMrunalini Koritala
 
Cyber security regulation strictly regulated by nrc feb 2013
byYury Chemerkin
 
Free Libre Open Source Software Development
byFrederik Questier
 

Viewers also liked

PPTX
Visita a la biblioteca
byLucia Tojeiro Gañete
 
PPTX
My city my story
bysean8668
 
PPTX
Mikels journal articlereview
bysean8668
 
PDF
Hemlock grove Communications strategy
bymeganhanney
 
PDF
My MAS application
bymeganhanney
 
PDF
The story of story
bysean8668
 
Visita a la biblioteca
byLucia Tojeiro Gañete
 
My city my story
bysean8668
 
Mikels journal articlereview
bysean8668
 
Hemlock grove Communications strategy
bymeganhanney
 
My MAS application
bymeganhanney
 
The story of story
bysean8668
 

Similar to Stuxnet

PPTX
Stuxnet mass weopan of cyber attack
byAjinkya Nikam
 
PDF
Mag-Securs No.29, 2011 - Validy: Learning from the Stuxnet Case
byNeelabh Rai
 
PDF
Stuxnet - A weapon of the future
byHardeep Bhurji
 
PDF
Optional Reading - Symantec Stuxnet Dossier
byAlireza Ghahrood
 
PDF
chapter 8- Management Information Systems Managing the Digital Firm
byMohamad Fathi
 
PPTX
10-5-202510-5-202510-5-202510-5-2025.pptx
byFutureTechnologies3
 
PDF
SCADA White Paper March2012
byJames Collinge, CISSP
 
PPTX
History of Cyber security (informative).
byHrishikeshDBhavar
 
PPTX
13-hamedHanymohamedHany-date-2025 5 10.pptx
byFutureTechnologies3
 
PDF
Reverse Engineering Presentation.pdf
byAbdelrahmanShaban3
 
PPTX
Stuxnet worm
bysommerville-videos
 
PPTX
stuxnet ppt .pptx
byYogeshChaubey2
 
PPTX
Stuxnet
byshiva_sathish
 
DOCX
Cyber
byjarajana
 
PPTX
SIC_gr5.pptx
byankitpal228942
 
PDF
The story behind the stuxnet virus bruce schneier
byAykut Özmen
 
PPT
The 1-hour Guide to Stuxnet.ppt
bySalman Naveed
 
PPT
STUXNET_
bybueno buono good
 
PDF
Stu t19 a
bySelectedPresentations
 
PDF
APT Attacks on Critical Infrastructure
byMiroslav Stampar
 
Stuxnet mass weopan of cyber attack
byAjinkya Nikam
 
Mag-Securs No.29, 2011 - Validy: Learning from the Stuxnet Case
byNeelabh Rai
 
Stuxnet - A weapon of the future
byHardeep Bhurji
 
Optional Reading - Symantec Stuxnet Dossier
byAlireza Ghahrood
 
chapter 8- Management Information Systems Managing the Digital Firm
byMohamad Fathi
 
10-5-202510-5-202510-5-202510-5-2025.pptx
byFutureTechnologies3
 
SCADA White Paper March2012
byJames Collinge, CISSP
 
History of Cyber security (informative).
byHrishikeshDBhavar
 
13-hamedHanymohamedHany-date-2025 5 10.pptx
byFutureTechnologies3
 
Reverse Engineering Presentation.pdf
byAbdelrahmanShaban3
 
Stuxnet worm
bysommerville-videos
 
stuxnet ppt .pptx
byYogeshChaubey2
 
Stuxnet
byshiva_sathish
 
Cyber
byjarajana
 
SIC_gr5.pptx
byankitpal228942
 
The story behind the stuxnet virus bruce schneier
byAykut Özmen
 
The 1-hour Guide to Stuxnet.ppt
bySalman Naveed
 
STUXNET_
bybueno buono good
 
Stu t19 a
bySelectedPresentations
 
APT Attacks on Critical Infrastructure
byMiroslav Stampar
 

Recently uploaded

PPTX
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
PDF
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
PPTX
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
PPTX
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
PDF
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PPTX
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
PDF
Top 10 API Automation Testing Tools: Features, Pros & Cons
byhenrycavill30521
 
PPTX
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
PPTX
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
PDF
IAI-Unit1-notes useful.............................
bydinesh620610
 
PPT
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PDF
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
PDF
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
PDF
Huawei Datacom – How To Pass H12-892 On Your First Try
by591lab
 
PDF
कम्प्यूटर.pdf for all computer examination
bynm92169694
 
PDF
Groq Series A Investment Memo - Chamath Palihapitiya
byRazin Mustafiz
 
PPTX
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
Top 10 API Automation Testing Tools: Features, Pros & Cons
byhenrycavill30521
 
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
IAI-Unit1-notes useful.............................
bydinesh620610
 
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
Huawei Datacom – How To Pass H12-892 On Your First Try
by591lab
 
कम्प्यूटर.pdf for all computer examination
bynm92169694
 
Groq Series A Investment Memo - Chamath Palihapitiya
byRazin Mustafiz
 
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 

Stuxnet

  • 2.
    Your computer isnot handled by you. You have loss your data. You do not know what your computer do.
  • 3.
  • 4.
     Basically Stuxnetis a Computer worm.  It is discovered in June 2010.  It is believed that STUXNET created by the United States and Israel to attack Iran's nuclear facilities.  Roel Schouwenberg spends his days (and many nights) to creating the STUXNET.
  • 5.
     A 500-kilobytecomputer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant.  A computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network.  This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases.
  • 6.
     2009 June:Earliest Stuxnet seen ◦ Does not use MS10-046 ◦ Does not have signed drivers  2010 Jan: Stuxnet driver signed ◦ With a valid certificate belonging to Realtek Semiconductors  2010 June: Virusblokada reports W32.Stuxnet ◦ Stuxnet use MS10-46 ◦ Verisign revokes Realtek certificate  2010 July: Eset identify new Stuxnet driver ◦ With a valid certificate belonging to JMicron Technology Corp  2010 July: Siemens report they are investigating malware SCADA systems ◦ Verisign revokes JMicron certificate
  • 7.
     2010 Aug:Microsoft issues MS10-046 ◦ Patches windows shell shortcut vulnerability  2010 Sept: Microsoft issues MS10-061 ◦ Patches Printer Spooler Vulnerability  2010 Sept: Iran nuclear plant hit by delay ◦ Warm weather blamed ◦ Measured temperatures were at historical averages  2010 Oct: Iran arrest “spies” ◦ Spies who attempted to sabotage the country's nuclear programme ◦ Russian nuclear nuclear experts flee Iran
  • 8.
     Organization ◦ Stuxnetconsists of a large .dll file ◦ 32 Exports (Function goals) ◦ 15 Resources (Function methods)  Stuxnet calls LoadLibrary ◦ With a specially crafted file name that does not exist ◦ Which causes LoadLibrary to fail.  However, W32.Stuxnet has hooked Ntdll.dll ◦ To monitor for requests to load specially crafted file names. ◦ These specially crafted filenames are mapped to another location instead ◦ A location specified by W32.Stuxnet. ◦ Where a .dll file has been decrypted and stored by the Stuxnet previously.
  • 9.
     Stuxnet collectsand store the following information: ◦ Major OS Version and Minor OS Version ◦ Flags used by Stuxnet ◦ Flag specifying if the computer is part of a workgroup or domain ◦ Time of infection ◦ IP address of the compromised computer ◦ file name of infected project file  Win 2K  WinXP  Windows 200  Vista  Windows Server 2008  Windows 7  Windows Server 2008 R2
  • 11.
     Iran ◦ Iranblames Stuxnet worm on Western plot (Ministry of Foreign Affairs) ◦ "Western states are trying to stop Iran's (nuclear) activities by embarking on psychological warfare and aggrandizing, but Iran would by no means give up its rights by such measures,“ ◦ "Nothing would cause a delay in Iran's nuclear activities“ ◦ "enemy spy services" were responsible for Stuxnet (Minister of intelligence)
  • 12.
     Israel (DEBKAfile) ◦ An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm ◦ Not only have their own attempts to defeat the invading worm failed, but they made matters worse:  The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack. ◦ One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because it hits back with a bigger punch.“ ◦ These statements were copied verbatim by mayor
  • 13.
     India 8.31% Azerbaijan 2.57%  United States 1.56%  Pakistan 1.28%  Others 9.2%  Iran 60%  Indonesia 18.22%
  • 14.
     Stuxnet representsthe first of many milestones in malicious code history ◦ It is the first to exploit multiple 0-day vulnerabilities, ◦ Compromise two digital certificates, ◦ And inject code into industrial control systems ◦ and hide the code from the operator.  Stuxnet is of such great complexity ◦ Requiring significant resources to develop ◦ That few attackers will be capable of producing a similar threat  Stuxnet has highlighted direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.