zero days in stuxnet
INTRODUCTION OF STUXNET
• SURFACED: in Belarus, at WILDERS SECURITY FORUMS on 17 JUNE 2017, BY SERGEY ULASEN.
• SAID: “VIRUS INFECTS O.S. IN UNUSUAL WAY THROUGH VULNERABILITY. VERY DANGEROUS.”
INTRODUCTION OF STUXNET
• SCENARIO:
AGENCIES INVOLVED IN UNEARTHING THE TRUTH
1. ERIC CHIEN FROM SYMANTEC.
2. LIAM O’MURCHU FROM SYMANTEC.
3. EUGENE KASPERSKY
MECHANISM
• Spread:
• Zero days:
• Isolated network:
• Version: 0.3 TO 1.1
MECHANISM
• DIGITAL SIGNATURE THEFT OF MICROSOFT TO IMPLEMENT ZERO DAYS.
MECHANISM
• PROGRAMMABLE LOGIC CONTROLLERS (PLCs) ARE IN THE CROSSHAIRS.
• USES MAGIC NUMBERS.
MECHANISM
• PAYLOAD IS DESIGNED TO MANIPULATE FREQUENCY IN A STEALTHY AND SMART MANNER.
PAYLOAD
WHY ZERO DAYS WITHIN STUXNET?
• BECAUSE IT WAS THE MOST AGGRESSIVE AND MORE COMMUNICABLE, WITH 4 ZERO DAYS IN IT.
MAJOR SPECULATIONS
• INVOLVEMENT OF A NATION STATE, BECAUSE IT HAS A KILL DATE.
WHY?
• SUCH A COMPLEX AND MARVELOUS FEAT, “ONLY FOR A SPECIFIC PURPOSE”.
• RESOURCES NEEDED TO MAKE IT ARE BEYOND THE REACH OF NORMAL PEOPLE.
MAJOR SPECULATIONS
• FIRST 5 INFECTIONS TRACED, ALL 5 IN THE NATANZ NUCLEAR FACILITY OF IRAN.
THREAT FROM NEW REALM: critical infrastructure
STUXNET THAT MADE NOISE!
• VERSION 1.1
• HAD 4 ZERO DAYS.
• BLEW THE COVER.
• WAS CAUGHT BY ANTIVIRUS COMPANIES.
• STILL IN THE AIR.
CONCLUSION
• REQUIRES A CYBER WEAPON TREATY, JUST LIKE WE HAVE FOR NUCLEAR, BIOLOGICAL AND CHEMICAL WEAPONS.
• HIDE SECRECY, BUT DON’T HIDE BEHIND SECRECY.