Thursday, December 12, 2019
Website Defacement Stuxnet
Question: Discuss about the Website Defacement for Stuxnet. Answer: Introduction The creation of Stuxnet virus is unknown but the adverse effect of this are the most terrifying in the digital world. Stuxnet virus was made in such a way that it would affect the systems which can meet its requirements and not others. In order to attack, it needs to get .Ink file and later create a rootkit to hide itself from any antivirus so it becomes very difficult to remove it from the system. Threat Profile Stuxnet is a Trojan virus which basically targets any system running on WinCC SCADA software. As it a Trojan, it just needs to launched over the internet and it can spread on its own. With the help of CVE-2010-2568 code, it allows arbitrary code execution via a crafted .ink file. This virus is noted to spread from systems to systems with the help of removable USB drives (Edwards, 2014). Threat name The name of the threat from which many countries suffered in many ways is Stuxnet which was first discovered in the year of 2010. Previously it was named Rootkit.Tmphider. Later it changed to W32.Temphid which later again changed to W32.Stuxnet (Kushner, 2013). System it Attacks Stuxnet usually does not attack every system. It is meant to attack the system which met the specific requirement for the Trojan to attack. Among its main target, it includes Windows Operating system, Siemens PCS 7, WinCC and Step7 industrial software applications that usually runs on Windows and Siemens S7 PLCs are its main target. It can also attack any system which contains the Remote Code execution vulnerability present (Hagerott, 2014). Threat Performance Stuxnet is declared as the most advanced and the most engineered form of malware that ever to be created. The main purpose of Stuxnet is to take control of the industrial facilities. However usually a virus is meant to attack any computer who runs the software but in case of Stuxnet, it can spread like wild fire and attack a system which has Remote Code Execution Vulnerability present in it. Due to this attack, it gets an advantage as it can be controlled by the hacker from any part of the world (Kushner, 2013). In order to start its work, it firstly needs two different legitimate certificates signed by well known companies so that it does not get detected by any antivirus. After it makes its way into the system, it first exploits the .Ink vulnerability to run and after this it installs a rootkit so that it can make itself well hid in the system (Lindsay, 2013). Mitigation Techniques There are several mitigation techniques that can be applied in order to avoid the Stuxnet before hitting the system. Some are mentioned below: Isolating command and control networks from shared public networks so that it may not come into the system as public networks are shared by many people so Stuxnet can be easily deployed and can get access to any system. Password and access control should be changed on a regular basis and giving access control to unknown application should be avoided. If the access is permitted, then there is no need of changing the password as it is remotely accessed by some other users (Hagerott, 2014). Patching and Compliance is also important as companies should try to provide patch for the computer systems in order to fix any vulnerability that is present. Anti-virus should be updated always as with every new antivirus definition, it can detect any vulnerability that is present in the system. Intrusion detection system should be installed over the network so that it can stop the virus even before entering the users system (Lindsay, 2013). Laws and Regulation Health Insurance Portability and Accountability Act Data Quality Act Consumer Data Security and Notification Act International Scope Stuxnet has greatly affected many countries in many ways. As it is a Trojan, it sends all the information to the creator. It has affected Iran when it was injected to in their nuclear facilities and due to this it crippled the whole system. Reflection The origin of Stuxnet is still a mystery. It is the most engineered form of virus that ever to be created and is the most complicated one that still haunts many users worldwide. If Stuxnet hit any system, it becomes impossible to remove the virus and the system can be accessed by someone remotely. Risk Calculation Stuxnet has hit many countries including Iran, India, Pakistan, United States, Indonesia and many other countries. It is so dangerous that it can cripple down any system or worse the system will be in control of someone who can access all its files remotely. Conclusion The creation of Stuxnet is considered to be the work of a marksmanship as it does not affect every computer. It is intended for specific computers and their main targets are the Windows system and the systems which have Remote code execution vulnerability present in them. Due to this vulnerability, hackers can access the victims computer remotely and get information without even notifying them. Removal of Stuxnet is nearly impossible and without proper tools, it will just multiply itself within the system. References Edwards, C. I. P. M. (2014). An analysis of a cyberattack on a nuclear plant: The stuxnet worm.Critical Infrastructure Protection,116, 59. Hagerott, M. (2014). Stuxnet and the vital role of critical infrastructure operators and engineers.International Journal of Critical Infrastructure Protection,7(4), 244-246. Kushner, D. (2013). The real story of stuxnet.ieee Spectrum,3(50), 48-53. Lindsay, J. R. (2013). Stuxnet and the limits of cyber warfare.Security Studies,22(3), 365-404.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment