Hack in Paris conference: Weapons of mass destruction V41, Protecting country critical infrastructure, tracking and Implications of Stuxnet, provides a detailled view of the ICS attack on the Iran nuclear fuel enrichment plant.
8. Target Attacks
Phase Mass Attack Targeted Attack
Incursion Generic social engineering Handcrafted & personalized delivery
By-chance infection method
Discovery Typically no discovery Examination of the infected resource
Assumes pre-defined content Monitoring of the user
Predictable location Determine accessible resources, &
network enumeration
Capture Pre-defined specific data Manual analysis &
Matches a pre-defined pattern Inspection of the data
(IE credit card number)
Exfiltration Information sent to a dump Information sent back to the
site with little protection attacker Not stored in location for
Dump site is long term storage extended time period
9. What?
1. Windows Computer worm discovered in July 2010
2. 100k+ lines of code (complex)
3. 5 different exploits (4 MS vulnerabilities)
1. LNK File Bug – Initial auto exploitation via removable drive
2. Task Scheduler – Privilege Escalation VISTA+
3. Keyboard Layout – Privilege Escalation XP
4. Spooler / MOF Files – Spreading/Lateral Movement
5. SMB Vuln (MS08-067) – Spreading/Lateral Movement
4. Rootkit (hiding binaries)
9
26. Siemens Infections
Distribution of Infected Systems with Siemens Software
80.00
67.60
70.00
60.00
50.00
40.00
30.00
20.00 12.15
8.10 4.98
10.00 2.18 2.18 1.56 1.25
0.00
U
A
S
N
A
R
N
D
I
A
I
O
H
W
R
E
T
S
N
A
T
I
O
N
D
A
E
S
I
O
U
H
A
R
K
E
T
S
N
G
A
B
R
E
T
I
This is a sample Pie Chart slide, ideal for communicating product or market segmentation information. To Change Font Color/Size: Select text, right-click and adjust the font setting on the Mini toolbar . Select desired attributes to change: font, size, boldness, color, etc. Note: many of the same commands can also be accessed from the Font group of the Home tab. Edit Chart: Click the chart to edit and select the Chart Tools Design tab (or double-click on the chart). Click the Edit Data button to access the underlying Excel 2007 spreadsheet. Copying Data From a Separate Excel Spreadsheet: From an existing Excel spreadsheet, select the range of cells to be copied, select copy (Ctrl C). In PowerPoint, click the chart to edit and select the Chart Tools Design tab (or double-click on the chart.) Click the Edit Data button to open the spreadsheet for editing. Select all the data in the Chart in Microsoft Office PowerPoint spreadsheet by clicking the top left corner cell, right-click and select Delete Click in the first empty cell of the spreadsheet and paste (Ctrl V) to place the data copied from the other Excel file. Change Orientation: Click the chart to edit and select the Chart Tools Design tab (or double-click on the chart.) Click the Switch Row/Column button. If the Switch Row/Column button is disabled, click the Select Data button and then click the Switch Row/Column button from within the Select Data Source dialog box, click OK . La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
Countries other than Iran are likely to be collateral damage La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet
La Nuit du Hack Tracking and Implications of Stuxnet