SlideShare a Scribd company logo

Stuxnet worm

Download as PPTX, PDF
S
sommerville-videos

The Stuxnet worm was designed to target Siemens industrial control systems used in Iran's uranium enrichment centrifuges. It spread to these systems through infected USB drives and exploited multiple Windows vulnerabilities. It then took control of centrifuges and varied their speeds, damaging around 1,000 centrifuges and slowing Iran's nuclear program. While not intended to spread beyond Iran, it ended up infecting systems in other countries as well through file transfers.

TechnologyBusiness
1 of 18
Downloaded 564 times
1
2
3
Most read
4
5
6
7
8
Most read
9
10
11
12
Most read
13
14
15
16
17
18
Cybersecurity Case Study STUXNET worm Stuxnet SCADA attack, 2013 Slide 1
Stuxnet SCADA attack, 2013 Slide 2
Cyber-warfare • The STUXNET worm is computer malware which is specifically designed to target industrial control systems for equipment made by Siemens. • These systems are used in Iran for uranium enrichment – • Enriched uranium is required to make a nuclear bomb The aim of the worm was to damage or destroy controlled equipment Stuxnet SCADA attack, 2013 Slide 3
What is a worm? • Malware that can infect a computerbased system and autonomously spread to other systems without user intervention • Unlike a virus, no need for a carrier or any explicit user actions to spread the worm Stuxnet SCADA attack, 2013 Slide 4
The target of the worm Stuxnet SCADA attack, 2013 Slide 5
The STUXNET worm • Worm designed to affect SCADA systems and PLC controllers for uranium enrichment centrifuges • Very specific targeting – only aimed at Siemens controllers for this type of equipment • It can spread to but does not damage other control systems Stuxnet SCADA attack, 2013 Slide 6
Stuxnet SCADA attack, 2013 Slide 7
Worm actions • Takes over operation of the centrifuge from the SCADA controller • Sends control signals to PLCs managing the equipment • Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage • Blocks signals and alarms to control centre from Stuxnet SCADA attack, 2013 local PLCs Slide 8
Stuxnet penetration • Initially targets Windows systems used to configure the SCADA system • Uses four different vulnerabilities to affect systems – Three of these were previously unknown – So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them. – Spread can’t be stopped by fixing a single vulnerability Stuxnet SCADA attack, 2013 Slide 9
Stuxnet technology • Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system. • Uses a vulnerability in the print system to spread from one machine to another • Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet Stuxnet SCADA attack, 2013 Slide 10
The myth of the air gap • Centrifuge control systems were not connected to the internet • Initial infection thought to be through infected USB drives taken into plant by unwitting system operators – Beware of freebies! Stuxnet SCADA attack, 2013 Slide 11
Damage caused • It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet • This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful • Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment Stuxnet SCADA attack, 2013 Slide 12
Unproven speculations • Because of the complexity of the worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran Stuxnet SCADA attack, 2013 Slide 13
Stuxnet SCADA attack, 2013 Slide 14
Unproven speculations • Because Stuxnet did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development • There was no intention for the worm to spread beyond Iran • Other countries with serious infections include India, Indonesia and Azerbaijhan Stuxnet SCADA attack, 2013 Slide 15
Unproven speculations • The Stuxnet worm is a multipurpose worm and there are a range of versions with different functionality in the wild • These use the same vulnerabilities to infect systems but they behave in different ways Stuxnet SCADA attack, 2013 Slide 16
• One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers. Stuxnet SCADA attack, 2013 Slide 17
Summary • Stuxnet worm is an early instance of cyberwarfare where SCADA controllers were targeted • Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges • Used a range of vulnerabilities to infect systems Stuxnet SCADA attack, 2013 Slide 18

More Related Content

PPT
Stuxnet - Case Study
Amr Thabet
 
PPTX
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
PDF
SCADA Security Presentation
Filip Maertens
 
PDF
ICS security
Ahmed Shitta
 
PDF
Stuxnet
Shishir Aryal
 
PDF
Cyber Attack Methodologies
Geeks Anonymes
 
PDF
Nist 800 82
majolic
 
PDF
Security in Cyber-Physical Systems
Bob Marcus
 
Stuxnet - Case Study
Amr Thabet
 
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
SCADA Security Presentation
Filip Maertens
 
ICS security
Ahmed Shitta
 
Stuxnet
Shishir Aryal
 
Cyber Attack Methodologies
Geeks Anonymes
 
Nist 800 82
majolic
 
Security in Cyber-Physical Systems
Bob Marcus
 

What's hot (20)

PPTX
The Stuxnet Virus FINAL
Nicholas Poole
 
PPTX
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
PPSX
Stuxnet - More then a virus.
Hardeep Bhurji
 
PPT
I Heart Stuxnet
Gil Megidish
 
PPT
Port Scanning
amiable_indian
 
PPTX
WannaCry Ransomware
Zoho Corporation
 
PDF
The World's First Cyber Weapon - Stuxnet
Sean Xie
 
PPTX
Cyber attack
Manjushree Mashal
 
PPTX
Introduction to penetration testing
Nezar Alazzabi
 
PPTX
Pen Testing Explained
Rand W. Hirt
 
PPTX
zero day exploits
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PPT
Stuxnet flame
Santosh Khadsare
 
PPT
Stuxnet dc9723
Iftach Ian Amit
 
PPTX
Introduction to Malware Analysis
Andrew McNicol
 
PDF
Stuxnet, a malicious computer worm
Sumaiya Ismail
 
PDF
Stuxnet
Symantec
 
PPT
Penetration Testing Basics
Rick Wanner
 
PDF
Network Forensic
Sujeet Kumar
 
PPTX
Malware- Types, Detection and Future
karanwayne
 
PPT
Intrusion detection system ppt
Sheetal Verma
 
The Stuxnet Virus FINAL
Nicholas Poole
 
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
Stuxnet - More then a virus.
Hardeep Bhurji
 
I Heart Stuxnet
Gil Megidish
 
Port Scanning
amiable_indian
 
WannaCry Ransomware
Zoho Corporation
 
The World's First Cyber Weapon - Stuxnet
Sean Xie
 
Cyber attack
Manjushree Mashal
 
Introduction to penetration testing
Nezar Alazzabi
 
Pen Testing Explained
Rand W. Hirt
 
zero day exploits
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Stuxnet flame
Santosh Khadsare
 
Stuxnet dc9723
Iftach Ian Amit
 
Introduction to Malware Analysis
Andrew McNicol
 
Stuxnet, a malicious computer worm
Sumaiya Ismail
 
Stuxnet
Symantec
 
Penetration Testing Basics
Rick Wanner
 
Network Forensic
Sujeet Kumar
 
Malware- Types, Detection and Future
karanwayne
 
Intrusion detection system ppt
Sheetal Verma
 
Ad

Viewers also liked (19)

PDF
Mission Critical Security in a Post-Stuxnet World Part 1
Byres Security Inc.
 
PPTX
Security case buffer overflow
Ian Sommerville
 
PDF
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
INSIGHT FORENSIC
 
PPTX
Architectural patterns for real-time systems
sommerville-videos
 
PPTX
Cybersecurity 2 cyber attacks
sommerville-videos
 
PPTX
TrustDavis on ethereum
aatkin1971
 
PDF
Stuxnet - A weapon of the future
Hardeep Bhurji
 
PDF
How stuxnet spreads – a study of infection paths in best practice systems
Yury Chemerkin
 
PPS
Conficker
Bobmathews
 
PPTX
Stuxnet
shiva_sathish
 
DOCX
1
Indresh Upadhyay
 
PPTX
Hedly
H00236925
 
PDF
CMIS 320 RESEARCH PAPER
HamesKellor
 
PDF
Entrevista Hector Robles revista MED PLUS n99
Hector Robles
 
PDF
Useful facts
bc dalai
 
PDF
CMIT 321 WEEK 2 QUIZ
HamesKellor
 
PDF
Chapter 8
uabir
 
PDF
Mission Critical Security in a Post-Stuxnet World Part 2
Byres Security Inc.
 
PDF
A Stuxnet for Mainframes
Cheryl Biswas
 
Mission Critical Security in a Post-Stuxnet World Part 1
Byres Security Inc.
 
Security case buffer overflow
Ian Sommerville
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
INSIGHT FORENSIC
 
Architectural patterns for real-time systems
sommerville-videos
 
Cybersecurity 2 cyber attacks
sommerville-videos
 
TrustDavis on ethereum
aatkin1971
 
Stuxnet - A weapon of the future
Hardeep Bhurji
 
How stuxnet spreads – a study of infection paths in best practice systems
Yury Chemerkin
 
Conficker
Bobmathews
 
Stuxnet
shiva_sathish
 
1
Indresh Upadhyay
 
Hedly
H00236925
 
CMIS 320 RESEARCH PAPER
HamesKellor
 
Entrevista Hector Robles revista MED PLUS n99
Hector Robles
 
Useful facts
bc dalai
 
CMIT 321 WEEK 2 QUIZ
HamesKellor
 
Chapter 8
uabir
 
Mission Critical Security in a Post-Stuxnet World Part 2
Byres Security Inc.
 
A Stuxnet for Mainframes
Cheryl Biswas
 
Ad

Similar to Stuxnet worm (20)

PPTX
13-hamedHanymohamedHany-date-2025 5 10.pptx
FutureTechnologies3
 
PDF
SCADA White Paper March2012
James Collinge, CISSP
 
PPTX
10-5-202510-5-202510-5-202510-5-2025.pptx
FutureTechnologies3
 
PPTX
Stuxnets
Alek Kwek
 
DOCX
Cyber
jarajana
 
PDF
Optional Reading - Symantec Stuxnet Dossier
Alireza Ghahrood
 
PDF
Mag-Securs No.29, 2011 - Validy: Learning from the Stuxnet Case
Neelabh Rai
 
PDF
The stuxnet computer worm. harbinger of an emerging warfare capability
Yury Chemerkin
 
PPTX
Stuxnet
atif zaidi
 
PPTX
Infrastructure Attacks - The Next generation, ESET LLC
Infosec Europe
 
PPTX
2012 02 14 Afcom Presentation
Eric Gallant
 
PDF
The story behind the stuxnet virus bruce schneier
Aykut Özmen
 
PDF
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
AVEVA
 
PDF
Would a wanna cry make the industry wanna cry Mysore and Lear
NSW Environment and Planning
 
PDF
Symantec Intelligence Quarterly Report - October - December 2010
Symantec
 
PPTX
SIC_gr5.pptx
ankitpal228942
 
PDF
Digital danger zone tackling cyber security
John Kingsley
 
PDF
Digital danger zone tackling cyber security
iFluidsEng
 
PPTX
stuxnet ppt .pptx
YogeshChaubey2
 
PDF
News letter aug 11
captsbtyagi
 
13-hamedHanymohamedHany-date-2025 5 10.pptx
FutureTechnologies3
 
SCADA White Paper March2012
James Collinge, CISSP
 
10-5-202510-5-202510-5-202510-5-2025.pptx
FutureTechnologies3
 
Stuxnets
Alek Kwek
 
Cyber
jarajana
 
Optional Reading - Symantec Stuxnet Dossier
Alireza Ghahrood
 
Mag-Securs No.29, 2011 - Validy: Learning from the Stuxnet Case
Neelabh Rai
 
The stuxnet computer worm. harbinger of an emerging warfare capability
Yury Chemerkin
 
Stuxnet
atif zaidi
 
Infrastructure Attacks - The Next generation, ESET LLC
Infosec Europe
 
2012 02 14 Afcom Presentation
Eric Gallant
 
The story behind the stuxnet virus bruce schneier
Aykut Özmen
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
AVEVA
 
Would a wanna cry make the industry wanna cry Mysore and Lear
NSW Environment and Planning
 
Symantec Intelligence Quarterly Report - October - December 2010
Symantec
 
SIC_gr5.pptx
ankitpal228942
 
Digital danger zone tackling cyber security
John Kingsley
 
Digital danger zone tackling cyber security
iFluidsEng
 
stuxnet ppt .pptx
YogeshChaubey2
 
News letter aug 11
captsbtyagi
 

More from sommerville-videos (20)

PPTX
Introduction to real time software systems script
sommerville-videos
 
PPTX
System of systems classification
sommerville-videos
 
PPTX
Reuse landscape
sommerville-videos
 
PPTX
Introduction to systems of systems
sommerville-videos
 
PPTX
Scaling agile
sommerville-videos
 
PPTX
Agile methods for large systems
sommerville-videos
 
PPTX
User stories
sommerville-videos
 
PPTX
Agile and plan based development processes
sommerville-videos
 
PPTX
Fundamental software engineering activities
sommerville-videos
 
PPTX
Introducing Software Engineering
sommerville-videos
 
PPTX
Why se script
sommerville-videos
 
PPTX
Ariane 5 launcher failure
sommerville-videos
 
PPTX
Airbus Flight Control System
sommerville-videos
 
PPTX
Warsaw airbus accident
sommerville-videos
 
PPTX
Stakeholders, viewpoints and concerns
sommerville-videos
 
PPTX
Requirements engineering processes
sommerville-videos
 
PPTX
Requirements engineering challenges
sommerville-videos
 
PPTX
Intro to requirements eng.
sommerville-videos
 
PPTX
Emergent properties
sommerville-videos
 
PPTX
Introducing sociotechnical systems
sommerville-videos
 
Introduction to real time software systems script
sommerville-videos
 
System of systems classification
sommerville-videos
 
Reuse landscape
sommerville-videos
 
Introduction to systems of systems
sommerville-videos
 
Scaling agile
sommerville-videos
 
Agile methods for large systems
sommerville-videos
 
User stories
sommerville-videos
 
Agile and plan based development processes
sommerville-videos
 
Fundamental software engineering activities
sommerville-videos
 
Introducing Software Engineering
sommerville-videos
 
Why se script
sommerville-videos
 
Ariane 5 launcher failure
sommerville-videos
 
Airbus Flight Control System
sommerville-videos
 
Warsaw airbus accident
sommerville-videos
 
Stakeholders, viewpoints and concerns
sommerville-videos
 
Requirements engineering processes
sommerville-videos
 
Requirements engineering challenges
sommerville-videos
 
Intro to requirements eng.
sommerville-videos
 
Emergent properties
sommerville-videos
 
Introducing sociotechnical systems
sommerville-videos
 

Recently uploaded (20)

PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
A Presentation on Artificial Intelligence
memembruh336
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 

Stuxnet worm

  • 1. Cybersecurity Case Study STUXNET worm Stuxnet SCADA attack, 2013 Slide 1
  • 2. Stuxnet SCADA attack, 2013 Slide 2
  • 3. Cyber-warfare • The STUXNET worm is computer malware which is specifically designed to target industrial control systems for equipment made by Siemens. • These systems are used in Iran for uranium enrichment – • Enriched uranium is required to make a nuclear bomb The aim of the worm was to damage or destroy controlled equipment Stuxnet SCADA attack, 2013 Slide 3
  • 4. What is a worm? • Malware that can infect a computerbased system and autonomously spread to other systems without user intervention • Unlike a virus, no need for a carrier or any explicit user actions to spread the worm Stuxnet SCADA attack, 2013 Slide 4
  • 5. The target of the worm Stuxnet SCADA attack, 2013 Slide 5
  • 6. The STUXNET worm • Worm designed to affect SCADA systems and PLC controllers for uranium enrichment centrifuges • Very specific targeting – only aimed at Siemens controllers for this type of equipment • It can spread to but does not damage other control systems Stuxnet SCADA attack, 2013 Slide 6
  • 7. Stuxnet SCADA attack, 2013 Slide 7
  • 8. Worm actions • Takes over operation of the centrifuge from the SCADA controller • Sends control signals to PLCs managing the equipment • Causes the spin speed of the centrifuges to vary wildly, very quickly, causing extreme vibrations and consequent damage • Blocks signals and alarms to control centre from Stuxnet SCADA attack, 2013 local PLCs Slide 8
  • 9. Stuxnet penetration • Initially targets Windows systems used to configure the SCADA system • Uses four different vulnerabilities to affect systems – Three of these were previously unknown – So if it encounters some systems where some vulnerabilities have been fixed, it still has the potential to infect them. – Spread can’t be stopped by fixing a single vulnerability Stuxnet SCADA attack, 2013 Slide 9
  • 10. Stuxnet technology • Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system. • Uses a vulnerability in the print system to spread from one machine to another • Uses peer-to-peer transfer – there is no need for systems to be connected to the Internet Stuxnet SCADA attack, 2013 Slide 10
  • 11. The myth of the air gap • Centrifuge control systems were not connected to the internet • Initial infection thought to be through infected USB drives taken into plant by unwitting system operators – Beware of freebies! Stuxnet SCADA attack, 2013 Slide 11
  • 12. Damage caused • It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet • This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful • Significant slowdown in nuclear enrichment programme because of (a) damage and (b) enrichment shutdown while the worms were cleared from equipment Stuxnet SCADA attack, 2013 Slide 12
  • 13. Unproven speculations • Because of the complexity of the worm, the number of possible vulnerabilities that are exploited, the access to expensive centrifuges and the very specific targeting, it has been suggested that this is an instance of cyberwar by nation states against Iran Stuxnet SCADA attack, 2013 Slide 13
  • 14. Stuxnet SCADA attack, 2013 Slide 14
  • 15. Unproven speculations • Because Stuxnet did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development • There was no intention for the worm to spread beyond Iran • Other countries with serious infections include India, Indonesia and Azerbaijhan Stuxnet SCADA attack, 2013 Slide 15
  • 16. Unproven speculations • The Stuxnet worm is a multipurpose worm and there are a range of versions with different functionality in the wild • These use the same vulnerabilities to infect systems but they behave in different ways Stuxnet SCADA attack, 2013 Slide 16
  • 17. • One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers. Stuxnet SCADA attack, 2013 Slide 17
  • 18. Summary • Stuxnet worm is an early instance of cyberwarfare where SCADA controllers were targeted • Intended to disrupt Iran’s uranium enrichment capability by varying rotation speeds to damage centrifuges • Used a range of vulnerabilities to infect systems Stuxnet SCADA attack, 2013 Slide 18