
Executive Summary

Stuxnet is one of the most complex and powerful examples of malware ever produced.
Rather than merely stealing information from targeted computers, it specifically targeted
the industrial control systems used to monitor and control industrial facilities of
great political importance. Three years after it was discovered, Stuxnet, the first
publicly disclosed cyber weapon, continues to mystify military strategists, computer
security experts, political decision-makers, and the general public. The available evidence
strongly suggests that Stuxnet was developed by the US and Israeli governments to target the
Iranian nuclear program. Stuxnet's actual impact on the Iranian nuclear program is
unclear, if only because no information is available on how many controllers were
actually infected. According to Langner, the capability was there to cause massive
damage all in one go, but the attackers didn't go that way. This cyber attack
delayed the Iranian nuclear program by a number of weeks.

On Microsoft Windows, Stuxnet propagated in search of the Siemens Step 7 software that is
used to program the PLCs. The worm exploited zero-day vulnerabilities in the targeted
systems, that is, flaws that had not yet been identified by security experts.

Comprehensive research on the Stuxnet malware reveals that Stuxnet is not really one
weapon, but two. It contained two different attack routines. In 2008, the first and
original payload attempted to over-pressurize Natanz's centrifuges by sabotaging the
system meant to keep the cascades of centrifuges safe. The malware's earlier version had
to be physically installed on a victim machine, most likely a portable engineering system,
or it had to be passed on via a USB drive carrying an infected configuration file for Siemens
controllers. In other words, it needed to be disseminated deliberately by an agent of the
attackers. The intent of the overpressure attack was more likely to increase rotor stress,
thereby causing rotors to break early, but not necessarily during the attack run. The
results of the overpressure attack are unknown. Whatever they were, the attackers decided
to try something different in 2009.

The vast majority of the attention has been paid to Stuxnet's second, smaller and simpler
attack routine: the one that changes the speed of the rotors in the centrifuges used
to enrich uranium. This attack tried to make the centrifuge rotors spin too fast, at
speeds that would cause them to break. The new Stuxnet came equipped with stolen
digital certificates, which allowed the malicious software to pose as legitimate driver
software and thus not be rejected by newer versions of the Windows operating system.

Stuxnet counts as one of the most misunderstood cyber-physical attacks ever documented.
For instance, Stuxnet did not escape the Natanz facility by using the internet. Instead it
propagated through network shares, and in that way got out of Iran. The attackers did not have
the capability to stop the campaign. That could only have been achieved by reconfiguring the
controllers with legitimate code.
Stuxnet's attackers provided a methodology for cyber-physical attack engineering.
Most people think this was an attack on a uranium enrichment plant, and "if I don't operate one,
I'm not at risk." This is completely wrong. The attack is executed on Siemens controllers,
and they are general-purpose products. So the same products can be found in a power
plant, even in elevators. Just the ability to inject rogue code into such a controller is a very
big problem. If an attacker simply copies the way it's done in Stuxnet, this is the entry ticket
to mess with controllers. Langner stated, "If they are able to determine cyber
manipulations which reliably exploit physical vulnerability, they have arrived at what I
call a plant-level vulnerability, for which Stuxnet gives the perfect example." Getting there
requires looking at cyber and physical systems in the context of the plant and its physical
processes, an approach still waiting to be adopted in cyber defense. Langner has a very
critical stance against antivirus vendors and other defensive technologies such as intrusion
detection systems.
Finally, Langner concluded on the difficulty of defending against such cyber attacks by making a good point
about the asymmetry between cyber offense and cyber defense. The former can be achieved through military
protocols, given a budget. The latter is more difficult. Langner stated, "At the same time,
cyber defense of critical national infrastructure is expected to be implemented voluntarily
by a dispersed private sector that feels little desire to address matters of national
security by ill-coordinated risk management exercises that negatively affect the bottom
line."
