
Stuxnet Malware Attribution






Presentation Transcript


  1. Stuxnet Malware Attribution
     Mike Albright, CS 591, Fall 2010

  2. Stuxnet Background
     • 3 zero-day Windows vulnerabilities leveraged
     • Designed to attack Programmable Logic Controllers (PLCs)
     • SCADA = supervisory control and data acquisition
     • Leveraged SIMATIC (Siemens) WinCC/Step 7 control software vulnerabilities
     • Changes configurations of controlled PLCs
     • Required specific brands of variable-frequency drives (VFDs) manufactured in either Finland or Iran

  3. Stuxnet Background
     • Exploit code > 500 KB
     • USB stick distribution
     • Receives updates from 2 command-and-control servers (since disabled)
     • Receives updates from a peer-to-peer network
     • Sophisticated design, expensive to create
       • 8 to 10 people
       • 6 months to write/test

  4. Stuxnet Distribution
     • Malware distribution (by country, based on WAN IP)
       • Iran – 60K+
       • Indonesia – 10K+
       • India – <10K
       • China – 6M+ (1K business IPs)
     • Target speculation
       • Iran's nuclear program
       • India's space program

  5. Stuxnet Infections (Symantec)

  6. Stuxnet Attribution
     • Government?
       • Israel (obvious clues within code)
       • U.S.
     • Funded organization?
       • Russian contractors for Iran's nuclear program
     • Criminal?
       • Sabotage v. extortion

  7. Malware Attribution Challenges
     • Law enforcement entities
       • Demonstrate financial loss
       • Nuisance v. criminal activity
     • Private RCA
       • Risk of incrimination
     • Code source
       • Who 'owns' the botnet?
       • Who loaded the USB sticks?

  8. Sources
     • Bruce Schneier, blog post, 7 Oct 2010: http://www.schneier.com/blog/archives/2010/10/stuxnet.html
     • Symantec, "W32.Stuxnet Dossier," v1.3, November 2010: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
     • "Stuxnet: Fact vs. theory," CNET, 5 Oct 2010: http://news.cnet.com/8301-27080_3-20018530-245.html
     • "Clues emerge about genesis of Stuxnet worm," The Christian Science Monitor, 1 Oct 2010: http://www.csmonitor.com/World/terrorism-security/2010/1001/Clues-emerge-about-genesis-of-Stuxnet-worm
