Uploaded byshiva_sathish
2,497 views

Stuxnet

Stuxnet is a computer worm discovered in 2010 that targets industrial software and equipment. It is believed to have been designed to damage Iran's nuclear facilities. Stuxnet spreads through infected USB drives and seeks out specific models of programmable logic controllers used to automate industrial processes. It communicates with command and control servers to carry out its infection routine and propagate further through networks. Mitigation techniques for Stuxnet and other threats to industrial control systems include security information and event management systems, intrusion monitoring, and passive vulnerability scanning of control system networks.

Embed presentation

STUXNET – THE FORMIDABLE CYBER WEAPONSathish KumarRajeev Chaubey
AGENDA Stuxnet Background
Introduction to SCADA systems
Stuxnet Architecture
Installation procedure
Injection technique
Infection routine flow
Command and Control server communication
Stuxnet propagation methods
Security issues and mitigation techniques SCADA SYSTEMS – GLOBAL INCIDENTS Sewage Hacker - SCADA system of Maroochy Water Services in Australia beginning in January 2000, which saw millions of gallons of sewage spill into waterways, hotel grounds and canals around the Sunshine Coast suburb Trans-Siberian Pipeline USSR - spectacular trans-Siberian pipeline disaster in 1982 Nuclear Power Plant, US - California, The vulnerability was demonstrated by a January event at the shutdown Davis-Besse nuclear power plant. The worm infection increased data traffic in the site’s network, resulting in the plant’s Safety Parameter Display System and plant process computer being unavailable for several hours Power Grid, US - California, hackers broke into computer systems owned by California's primary electric power grid operator and remained undetected for 17 days Airport Hacker, US - Massachusetts, a computer hacker who disabled a key telephone company computer servicing the Worcester airport. As a result of a series of commands sent from the hacker's personal computer, vital services to the FAA control tower were disabled for six hours in March of 1997. In the course of his hacking, the defendant also electronically broke into a pharmacy computer and copied patient records.
STUXNET BACKGROUND Stuxnet is a Windows computer worm discovered in July 2010. Targets industrial software and equipment. Its speculated that stuxnet was specifically designed to damageIran nuclear facilities and widely believed stuxnet introduced delay in Iran's Bushehr Nuclear Power Plant startup The first to include a programmable logic controller (PLC) rootkit.
STUXNET DAY BY DAY EVOLUTION
SUPERVISORY CONTROL AND DATA ACQUISITION
PLC – PROGRAMMABLE LOGIC CONTROLLERSTUXNET SEEKS SPECIFIC MODELS S7-300 S7-400
PLC – SCAN CYCLERead InputExecute programDiagnostics and communicationsUpdate output
STUXNET ARCHITECTURE
STUXNET – INSTALLATION PROCEDURE

More Related Content

PDF
Stuxnet
bySymantec
 
PDF
How stuxnet spreads – a study of infection paths in best practice systems
byYury Chemerkin
 
PPTX
Stuxnet worm
bysommerville-videos
 
PPT
I Heart Stuxnet
byGil Megidish
 
PDF
Stuxnet - A weapon of the future
byHardeep Bhurji
 
PDF
Stuxnet, a malicious computer worm
bySumaiya Ismail
 
PDF
Stuxnet
byShishir Aryal
 
PDF
Mission Critical Security in a Post-Stuxnet World Part 1
byByres Security Inc.
 
Stuxnet
bySymantec
 
How stuxnet spreads – a study of infection paths in best practice systems
byYury Chemerkin
 
Stuxnet worm
bysommerville-videos
 
I Heart Stuxnet
byGil Megidish
 
Stuxnet - A weapon of the future
byHardeep Bhurji
 
Stuxnet, a malicious computer worm
bySumaiya Ismail
 
Stuxnet
byShishir Aryal
 
Mission Critical Security in a Post-Stuxnet World Part 1
byByres Security Inc.
 

What's hot

PDF
[GITSN] wireless data security system
by운상 조
 
PDF
DEF CON 23 - NSM 101 for ICS
byChris Sistrunk
 
PDF
Man in the middle attacks on IEC 60870-5-104
bypgmaynard
 
PPTX
ICS Security 101 by Sandeep Singh
byOWASP Delhi
 
PPTX
SYMANTEC ENDPOINT PROTECTION Administration Introduction
byDsunte Wilson
 
PPTX
SCADA Presentation
byEric Favetta
 
PPTX
Stuxnets
byAlek Kwek
 
PDF
Improving SCADA Security
byNarinrit Prem-apiwathanokul
 
PDF
Mission Critical Security in a Post-Stuxnet World Part 2
byByres Security Inc.
 
PPTX
A look at current cyberattacks in Ukraine
byKaspersky
 
PDF
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
byEran Goldstein
 
PPT
Stuxnet dc9723
byIftach Ian Amit
 
PPTX
RSAC 2021 Spelunking Through the Steps of a Control System Hack
byDan Gunter
 
PPTX
The Stuxnet Virus FINAL
byNicholas Poole
 
PPTX
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
byDawn Yankeelov
 
PPTX
Where Are All The ICS Attacks?
byEnergySec
 
PDF
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
byTI Safe
 
PDF
Review on Honeypot Security
byIRJET Journal
 
PPSX
Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud
byMarketingArrowECS_CZ
 
DOCX
Effective
bychocolate501
 
[GITSN] wireless data security system
by운상 조
 
DEF CON 23 - NSM 101 for ICS
byChris Sistrunk
 
Man in the middle attacks on IEC 60870-5-104
bypgmaynard
 
ICS Security 101 by Sandeep Singh
byOWASP Delhi
 
SYMANTEC ENDPOINT PROTECTION Administration Introduction
byDsunte Wilson
 
SCADA Presentation
byEric Favetta
 
Stuxnets
byAlek Kwek
 
Improving SCADA Security
byNarinrit Prem-apiwathanokul
 
Mission Critical Security in a Post-Stuxnet World Part 2
byByres Security Inc.
 
A look at current cyberattacks in Ukraine
byKaspersky
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
byEran Goldstein
 
Stuxnet dc9723
byIftach Ian Amit
 
RSAC 2021 Spelunking Through the Steps of a Control System Hack
byDan Gunter
 
The Stuxnet Virus FINAL
byNicholas Poole
 
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
byDawn Yankeelov
 
Where Are All The ICS Attacks?
byEnergySec
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
byTI Safe
 
Review on Honeypot Security
byIRJET Journal
 
Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud
byMarketingArrowECS_CZ
 
Effective
bychocolate501
 

Similar to Stuxnet

PDF
The World's First Cyber Weapon - Stuxnet
bySean Xie
 
PDF
SCADA White Paper March2012
byJames Collinge, CISSP
 
PDF
Stuxnet
bybueno buono good
 
PPTX
2012 02 14 Afcom Presentation
byEric Gallant
 
PDF
Optional Reading - Symantec Stuxnet Dossier
byAlireza Ghahrood
 
PPSX
Stuxnet - More then a virus.
byHardeep Bhurji
 
PPTX
13-hamedHanymohamedHany-date-2025 5 10.pptx
byFutureTechnologies3
 
PPTX
Stuxnet mass weopan of cyber attack
byAjinkya Nikam
 
PPTX
10-5-202510-5-202510-5-202510-5-2025.pptx
byFutureTechnologies3
 
PPT
Stuxnet - Case Study
byAmr Thabet
 
PPTX
Stuxnet
byatif zaidi
 
PPT
Stuxnet flame
bySantosh Khadsare
 
PDF
Securing SCADA
byJeffrey Wang , P.Eng
 
PDF
Securing SCADA
byJeffrey Wang , P.Eng
 
PPTX
Power station monitoring and cyber security
byThames Global Consultants
 
PPTX
Infrastructure Attacks - The Next generation, ESET LLC
byInfosec Europe
 
DOCX
Cyber
byjarajana
 
PPT
STUXNET_
bybueno buono good
 
PPT
The 1-hour Guide to Stuxnet.ppt
bySalman Naveed
 
PDF
The story behind the stuxnet virus bruce schneier
byAykut Özmen
 
The World's First Cyber Weapon - Stuxnet
bySean Xie
 
SCADA White Paper March2012
byJames Collinge, CISSP
 
Stuxnet
bybueno buono good
 
2012 02 14 Afcom Presentation
byEric Gallant
 
Optional Reading - Symantec Stuxnet Dossier
byAlireza Ghahrood
 
Stuxnet - More then a virus.
byHardeep Bhurji
 
13-hamedHanymohamedHany-date-2025 5 10.pptx
byFutureTechnologies3
 
Stuxnet mass weopan of cyber attack
byAjinkya Nikam
 
10-5-202510-5-202510-5-202510-5-2025.pptx
byFutureTechnologies3
 
Stuxnet - Case Study
byAmr Thabet
 
Stuxnet
byatif zaidi
 
Stuxnet flame
bySantosh Khadsare
 
Securing SCADA
byJeffrey Wang , P.Eng
 
Securing SCADA
byJeffrey Wang , P.Eng
 
Power station monitoring and cyber security
byThames Global Consultants
 
Infrastructure Attacks - The Next generation, ESET LLC
byInfosec Europe
 
Cyber
byjarajana
 
STUXNET_
bybueno buono good
 
The 1-hour Guide to Stuxnet.ppt
bySalman Naveed
 
The story behind the stuxnet virus bruce schneier
byAykut Özmen
 

Recently uploaded

PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 

Stuxnet

  • 1.
    STUXNET – THEFORMIDABLE CYBER WEAPONSathish KumarRajeev Chaubey
  • 2.
    AGENDAStuxnet Background
  • 3.
    Introduction toSCADA systems
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
    Command andControl server communication
  • 9.
  • 10.
    Security issuesand mitigation techniques SCADA SYSTEMS – GLOBAL INCIDENTS Sewage Hacker - SCADA system of Maroochy Water Services in Australia beginning in January 2000, which saw millions of gallons of sewage spill into waterways, hotel grounds and canals around the Sunshine Coast suburb Trans-Siberian Pipeline USSR - spectacular trans-Siberian pipeline disaster in 1982 Nuclear Power Plant, US - California, The vulnerability was demonstrated by a January event at the shutdown Davis-Besse nuclear power plant. The worm infection increased data traffic in the site’s network, resulting in the plant’s Safety Parameter Display System and plant process computer being unavailable for several hours Power Grid, US - California, hackers broke into computer systems owned by California's primary electric power grid operator and remained undetected for 17 days Airport Hacker, US - Massachusetts, a computer hacker who disabled a key telephone company computer servicing the Worcester airport. As a result of a series of commands sent from the hacker's personal computer, vital services to the FAA control tower were disabled for six hours in March of 1997. In the course of his hacking, the defendant also electronically broke into a pharmacy computer and copied patient records.
  • 11.
    STUXNET BACKGROUND Stuxnet is a Windows computer worm discovered in July 2010. Targets industrial software and equipment. Its speculated that stuxnet was specifically designed to damageIran nuclear facilities and widely believed stuxnet introduced delay in Iran's Bushehr Nuclear Power Plant startup The first to include a programmable logic controller (PLC) rootkit.
  • 12.
    STUXNET DAY BYDAY EVOLUTION
  • 13.
    SUPERVISORY CONTROL ANDDATA ACQUISITION
  • 14.
    PLC – PROGRAMMABLELOGIC CONTROLLERSTUXNET SEEKS SPECIFIC MODELS S7-300 S7-400
  • 15.
    PLC – SCANCYCLERead InputExecute programDiagnostics and communicationsUpdate output
  • 16.
  • 17.
  • 18.
  • 19.
    Stuxnet – C& C Server Communication
  • 20.
  • 21.
    Security issues andmitigation techniques Security Information and Event Management systems Intrusion monitoring systems integrated with SIEM Implement “Extrusion Detection” Implement passive vulnerability scanners (PVS) on the control systems network
  • 22.
    JUNIPER IDP SCADASIGNATURESSCADA:DNP3:DISABLE-RESP - This signature detects attempts to stop unsolicited responses from devices. Attackers can prevent devices from sending alarmsSCADA:DNP3:READ - This signature detects attempts by clients to read information from a Programmable Logic Controller (PLC). Attackers can use this information to plan future, more targeted attacksSCADA:DNP3:STOP - This signature detects attempts to stop a DNP3 serverSCADA:DNP3:WARM-RESTART- This signature detects attempts to reinitialize a PLC or DNP3 serverSCADA:MODBUS:LISTEN-ONLY -This signature detects attempts to force a Programmable Logic Controller (PLC) into listen-only mode, in which the PLC does not respond to request packetsSCADA:MODBUS:DOS - This signature detects attempts to force a Programmable Logic Controller (PLC) to restart. The PLC is unavailable while powering on
  • 23.
    STUXNET – THEFORMIDABLE CYBER WEAPONQ&A
  • 24.
    STUXNET – THEFORMIDABLE CYBER WEAPONThank you!

Editor's Notes

  • #3 As part of the Q4 announcement group we are expanding our data center initiatives in 2 important ways, in line with our overall data center networking vision and strategy:1/ We are expanding our guidelines for designing next generation data center infrastructures, building on the foundations of our network simplification approach introduced in 2008 (simplifying the network, collapsing network tiers, virtualizing infrastructure elements, and simplifying management designs). We are expanding by delivering techniques for sharing network infrastructures with unique features, intelligence and scale, end-to-end based on Junos. And we are introducing a framework for delivering comprehensive and consistently managed security infrastructures for the cloud.2/ As detail to support delivering on the vision we are introducing 5 new security solution modules and associated best practices and implementation guidance to protect the critical information flows and assets associated with highly virtualized and distributed cloud data center networks.The rest of the presentation fills out information supporting these important announcements.