Zero days in stuxnet

Page 1: Zero days in stuxnet

ZERO DAYS IN STUXNET

Page 2: Zero days in stuxnet

INTRODUCTION OF STUXNET

• SURFACED: in Belarus, at WILDERS SECURITY FORUMS on 17 JUNE 2017, BY SERGEY ULASEN.

• SAID: “VIRUS INFECTS O.S. IN UNUSUAL WAY THROUGH VULNERABILITY. VERY DANGEROUS.”

Page 3: Zero days in stuxnet

INTRODUCTION OF STUXNET

• SCENARIO:

Page 4: Zero days in stuxnet

AGENCIES INVOLVED IN UNEARTHING THE TRUTH

1. ERIC CHIEN FROM SYMANTEC.

2. LIAM O’MURCHU FROM SYMANTEC.

3. EUGENE KASPERSKY

Page 5: Zero days in stuxnet

MECHANISM

• Spread:

• Zero days:

• Isolated network:

• Version: 0.3 TO 1.1

Page 6: Zero days in stuxnet

MECHANISM

• DIGITAL SIGNATURE THEFT OF MICROSOFT TO IMPLEMENT ZERO DAYS.

Page 7: Zero days in stuxnet

MECHANISM

• PROGRAMMABLE LOGIC CONTROLLERS (PLCs) ARE IN THE CROSSHAIRS.

• USE MAGIC NUMBERS.

Page 8: Zero days in stuxnet

MECHANISM

• PAYLOAD IS DESIGNED TO MANIPULATE FREQUENCY IN A STEALTHY AND SMART MANNER.

Page 9: Zero days in stuxnet

PAYLOAD

Page 10: Zero days in stuxnet

WHY ZERO DAYS WITHIN STUXNET?

• BECAUSE IT WAS THE MOST AGGRESSIVE AND MORE COMMUNICABLE, WITH 4 ZERO DAYS IN IT.

Page 11: Zero days in stuxnet

MAJOR SPECULATIONS

• INVOLVEMENT OF A NATION STATE, BECAUSE IT HAS A KILL DATE.

WHY?

• SUCH A COMPLEX AND MARVELLOUS FEAT, “ONLY FOR SPECIFIC PURPOSE”.

• RESOURCES NEEDED TO MAKE IT ARE BEYOND THE REACH OF NORMAL PEOPLE.

Page 12: Zero days in stuxnet

MAJOR SPECULATIONS

• FIRST 5 INFECTIONS TRACED, ALL 5 IN THE NATANZ NUCLEAR FACILITY OF IRAN.

Page 13: Zero days in stuxnet

THREAT FROM NEW REALM: critical infrastructure

Page 14: Zero days in stuxnet

STUXNET THAT MADE NOISE!

• VERSION 1.1

• HAD 4 ZERO DAYS.

• BLEW THE COVER.

• WAS CAUGHT BY ANTIVIRUS COMPANIES.

• Still in AIR.

Page 15: Zero days in stuxnet

CONCLUSION

• REQUIRES A CYBER WEAPON TREATY, JUST LIKE WE HAVE FOR NUCLEAR, BIOLOGICAL, CHEMICAL WEAPONS.

• HIDE SECRECY, BUT DON’T HIDE BEHIND SECRECY.
