Your computer is not controlled by you.
You have lost your data.
You do not know what your computer is doing.
Presentation by: Atif Hasnain Zaidi
• Stuxnet is a computer worm.
• It was discovered in June 2010.
• It is believed that Stuxnet was created by the United States and Israel to attack Iran's nuclear facilities.
• Roel Schouwenberg spends his days (and many nights) to creating the STUXNET.
• A 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant.
• A computer virus relies on an unwitting victim to install it; a worm spreads on its own, often over a computer network.
• This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases.
• 2009 June: Earliest Stuxnet seen
◦ Does not use MS10-046
◦ Does not have signed drivers
• 2010 Jan: Stuxnet driver signed
◦ With a valid certificate belonging to Realtek Semiconductors
• 2010 June: VirusBlokAda reports W32.Stuxnet
◦ Stuxnet uses MS10-046
◦ Verisign revokes Realtek certificate
• 2010 July: ESET identifies new Stuxnet driver
◦ With a valid certificate belonging to JMicron Technology Corp
• 2010 July: Siemens reports that it is investigating malware affecting SCADA systems
◦ Verisign revokes JMicron certificate
• 2010 Aug: Microsoft issues MS10-046
◦ Patches Windows Shell shortcut vulnerability
• 2010 Sept: Microsoft issues MS10-061
◦ Patches Print Spooler vulnerability
• 2010 Sept: Iran nuclear plant hit by delay
◦ Warm weather blamed
◦ Measured temperatures were at historical averages
• 2010 Oct: Iran arrests "spies"
◦ Spies who attempted to sabotage the country's nuclear programme
◦ Russian nuclear experts flee Iran
• Organization
◦ Stuxnet consists of a large .dll file
◦ 32 exports (function goals)
◦ 15 resources (function methods)
• Stuxnet calls LoadLibrary
◦ With a specially crafted file name that does not exist
◦ Which would normally cause LoadLibrary to fail.
• However, W32.Stuxnet has hooked Ntdll.dll
◦ To monitor for requests to load specially crafted file names.
◦ These specially crafted file names are mapped to another location instead
◦ A location specified by W32.Stuxnet
◦ Where a .dll file has previously been decrypted and stored by Stuxnet.
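A defender-side check for the loading trick described on this slide, as an added example that is not part of the original presentation: it flags modules mapped in a process whose reported path has no file behind it on disk, and ntdll exports whose first bytes in memory differ from the on-disk image. The module list, file set, export byte values and all function names are constructed for illustration.

```python
# Added example with constructed data; names and bytes are illustrative only.
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class LoadedModule:
    pid: int
    path: str  # image path the loader reports for a mapped module


def _norm(path):
    # Windows paths are case-insensitive; ntpath works on any host OS.
    return ntpath.normcase(ntpath.normpath(path))


def unbacked_modules(modules, files_on_disk):
    """Modules whose reported path has no file behind it on disk."""
    known = {_norm(p) for p in files_on_disk}
    return [m for m in modules if _norm(m.path) not in known]


def classify_patch(mem):
    """Name the common detour shapes seen at the start of a hooked function."""
    if mem[:1] == b"\xe9":                          # JMP rel32
        return "jmp detour"
    if mem[:1] == b"\x68" and mem[5:6] == b"\xc3":  # PUSH imm32; RET
        return "push/ret detour"
    return "modified"


def patched_exports(disk_prologues, memory_prologues):
    """Map export name -> finding where memory bytes differ from the disk image.

    Assumes the compared bytes hold no relocated addresses, so a clean
    in-memory copy is byte-identical to the file.
    """
    findings = {}
    for name, disk in disk_prologues.items():
        mem = memory_prologues.get(name)
        if mem is None:
            findings[name] = "unreadable"
        elif mem[:len(disk)] != disk:
            findings[name] = classify_patch(mem)
    return findings


# Constructed sample input (not taken from any real system or sample).
SAMPLE_FILES = [r"C:\Windows\System32\ntdll.dll",
                r"C:\Windows\System32\kernel32.dll"]
SAMPLE_MODULES = [
    LoadedModule(1234, r"C:\WINDOWS\system32\ntdll.dll"),
    LoadedModule(1234, r"C:\Windows\System32\kernel32.dll"),
    LoadedModule(1234, r"C:\Windows\System32\EXAMPLE.DLL.0A1B2C3D"),  # no such file
]
STUB = bytes.fromhex("b852000000ba0003fe7f")  # mov eax, imm32; mov edx, imm32
DISK = {"NtOpenFile": STUB, "NtClose": STUB}
MEMORY = {"NtOpenFile": bytes.fromhex("e9102f0000ba0003fe7f"),  # starts with JMP
          "NtClose": STUB}

if __name__ == "__main__":
    for m in unbacked_modules(SAMPLE_MODULES, SAMPLE_FILES):
        print(f"pid {m.pid}: module has no backing file: {m.path}")
    for name, why in patched_exports(DISK, MEMORY).items():
        print(f"ntdll!{name}: {why}")
```

Endpoint security products also detour ntdll exports, so a finding from either check is a lead for triage rather than a verdict.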
• Stuxnet collects and stores the following information:
◦ Major OS version and minor OS version
◦ Flags used by Stuxnet
◦ Flag specifying if the computer is part of a workgroup or domain
◦ Time of infection
◦ IP address of the compromised computer
◦ File name of infected project file
• Win 2K
• WinXP
• Windows 200
• Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Iran
◦ Iran blames Stuxnet worm on Western plot (Ministry of Foreign Affairs)
◦ "Western states are trying to stop Iran's (nuclear) activities by embarking on psychological warfare and aggrandizing, but Iran would by no means give up its rights by such measures,"
◦ "Nothing would cause a delay in Iran's nuclear activities"
◦ "enemy spy services" were responsible for Stuxnet (Minister of intelligence)
• Israel (DEBKA file)
◦ An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm
◦ Not only have their own attempts to defeat the invading worm failed, but they made matters worse:
▪ The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.
◦ One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because it hits back with a bigger punch."
◦ These statements were copied verbatim by mayor
• India 8.31%
• Azerbaijan 2.57%
• United States 1.56%
• Pakistan 1.28%
• Others 9.2%
• Iran 60%
• Indonesia 18.22%
• Stuxnet represents the first of many milestones in malicious code history
◦ It is the first to exploit multiple 0-day vulnerabilities,
◦ Compromise two digital certificates,
◦ And inject code into industrial control systems
◦ And hide the code from the operator.
• Stuxnet is of such great complexity
◦ Requiring significant resources to develop
◦ That few attackers will be capable of producing a similar threat
• Stuxnet has highlighted that direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.