enabling insecurity
play

Enabling Insecurity Dr. Stacy Prowell Chief Cyber Security Research - PowerPoint PPT Presentation

Oct 11, 2022 •486 likes •840 views

Enabling Insecurity Dr. Stacy Prowell Chief Cyber Security Research Scientist Oak Ridge National Laboratory TIMELINE Before Stuxnet 11 April 2008 Source : ZDNet Cyber posted a password ( 2WSXcder ) hard coded into the Siemens

  1. Enabling Insecurity Dr. Stacy Prowell Chief Cyber Security Research Scientist Oak Ridge National Laboratory

  2. TIMELINE

  3. Before Stuxnet • 11 April 2008 Source : ZDNet – “Cyber” posted a password ( 2WSXcder ) hard coded into the Siemens Step7 system, used for the back-end Simatic WinCC system’s SQL database. – Siemens: “Don’t change it, you’ll break stuff.” • 17 November 2008 – NSTB Report : “Common cyber security vulnerabilities observed in control system Source : assessments by the INL NSTB program.” http://iadt.siemens.ru/forum/viewtopic.php?p=2974&sid=58cedcf – Identifies three vulnerabilities… 3a0fc7a0b6c61c7bc46530928 • 20 November 2008 – Zlob trojan uses the .lnk vulnerability in Windows Explorer (autorun.inf) • April 2009 – Hackin9 article exposes the Windows print spooler vulnerability Source : NSTB Report

  4. Aside: Exploits and YouTube • MS08-067 (RPC vul) – Watch at: http://www.youtube.com/watch?v=EM2MBGbI84E • MS10-046 (.lnk vul) – Watch at: http://www.youtube.com/watch?v=r7QIsXvXrIo • MS10-061 (spooler exploit) – Watch at: http://www.youtube.com/watch?v=Fy0S9KMNjnY • MS10-073 (keyboard layout) – Watch at: http://www.youtube.com/watch?v=Hm1PFia7H_Q

  5. Stuxnet in Action • 4:30pm, 22 June 2009 – Stuxnet is compiled, and infects the first machine 12 hours later. – Does not use Siemens or .lnk vuls. • Jan 2010 – Stuxnet is signed with a valid RealTek Semiconductor (Taiwan) certificate. • May 2010 – Version 2 of Stuxnet, with all exploits and digital signature. Source : DigitalGlobe

  6. Stuxnet Discovered • June 2010 – VirusBlokAda discovers Stuxnet on machine in Iran. • 15 July 2010 – Stuxnet is public knowledge (Brian Krebs). – Stuxnet is signed with JMicron’s certificate, since RealTek’s has expired. – A distributed denial of service attack delays news of Stuxnet’s discovery. • August 2010 – Symantec reveals that Stuxnet injects code into PLC’s manufactured by Siemens. They report that Stuxnet is designed for sabotage. • November 2010 – Ali Akbar Salehi (MIT Ph.D. 1977), head of Iran’s Atomic Energy Organization, reports “Westerners sent a virus to our country’s nuclear sites. […] We discovered the virus […] because of our vigilance and prevented the virus from harming [anything].” Source : English Wikipedia

  7. The End • 24 June 2012 – Stuxnet self-destructs. • John Bumgarner claims to have found evidence of Stuxnet / Duqu active as far back as 2006… and to have connected it with Conficker.

  8. Source : http://www.nytimes.com/interactive/2012/06/01/world/middleeast/how-a-secret-cyberwar-program-worked.html

  9. Others • 1 September 2011 – Duqu (~DQ files) • 28 May 2012 – Flame / Flamer / Skywiper – Most sophisticated malware yet discovered: 20MB – Contains a SQL database and a LUA virtual machine for scripting – Spreads by: USB, Network – Records: Audio, Keyboard, Screenshots, and Skype – Does Bluetooth beaconing to download data from nearby devices – Exploited a cryptographic weakness (MD5 collision) to sign itself • 16 August 2012 – Shamoon / Disttrack erases 30,000 Saudi Aramco workstations.

  10. STUXNET

  11. Why Was Stuxnet Interesting? 1. Used 8 different propagation methods. 2. Includes four zero-day exploits. 3. Used a stolen digital certificate. It crossed the “air gap.” 4. 5. It used replay to fool observers. 6. It used a rootkit to hide on infected computers. 7. Infected Step7 project files. 8. Replaced s7otbxdx.dll to automatically infect / disinfect. 9. Modified PLC code. 10. This is a template for future malware.

  12. The “Air Gap Principle” Critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form. “In practical and operational terms, however, physically separating networks is not functionally nor operationally feasible in the real world.” – “Toward a more secure posture for industrial control system networks,” Paul Ferguson, Trend Micro http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_secure-posture-for-industrial-control-system-networks.pdf

  13. Spot the Air Gap! “In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network .” • Sean McGurk, DHS, Testimony to Source: Subcommittee on National Siemens SIMATIC Secruity Security Concept PCS 7 and WinCC (A5E02128732-01) http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=26462131&caller=view

  14. Since Stuxnet? • July 2011 – Basisk / Basisk hard-coded password in S7-300 (FW 2.3.4) yields a command shell. Now you can dump memory and reprogram. (NSS Labs) – Replay: Intercept commands from Step7 and play these commands back to another PLC. Such as STOP. S7-200, S7-300, S7-400, S7- 1200… – Authentication? Replay. Disable authentication? Replay. Sessions never expire… – So… Scan the network for devices with port 102 open…

  15. Lots More • Symantec report details how Stuxnet works, propagates, installs itself as a stored procedure in WinCC, etc.

  16. ACCESS

  17. The Web Is Your Frenemy • Nessus, nmap, and others scan networks for machines, open ports, and known vulnerabilities, so… – What if someone ran something like Nessus over the entire Internet? – And made those results easily searchable? • Some people have logins (username and password) for machines and sites, so… – What if someone created a place to upload the username / password for any site? – And made that database easily searchable?

  18. What’s Out There? https://shodanhq.com

  19. Logins? http://bugmenot.com

  20. Sure… But that’d never work.

  21. So… Have they got you? http://haveibeenpwned.com/

  22. Maybe. https://shouldichangemypassword.com/

  23. VULNERABILITY

  24. The Life of a Vulnerability

  25. The Life of a Vulnerability

  26. MALWARE

  27. Malware • Any non-trivial property of programs is undecidable . [Rice’s Theorem] – The halting problem – The malware detection problem • A perfect antimalware program cannot be constructed…

  28. Behavior • …But you can observe behavior. – Time consumed by processes on a machine. – Power transients on a machine. • Malware actually does make your computer run slower… and in very specific ways. – Hide process, kernel module, tinker with clock, hide files, record keystrokes, observe packets…

  29. Problems Have (Not) Been Solved

  30. RISK

  31. Risk Risk Threat Person | Circumstance | Event Vulnerability Weakness | Bug | Backdoor Consequence Loss | Damage Source : Sean McGruk , “Industrial Control System Security,” Presentation, 2008. http://tinyurl.com/23etw3x

  32. Risk Reduce the threat • Hackers | Insiders | States | Terrorists • Intelligence

  33. Risk Reduce the vulnerability • Weaknesses | Bugs | Backdoors • Formal / rigorous analysis • Secure coding techniques • Supply chain risk management

  34. Risk Reduce the consequences • Loss | Damage • Resiliency | Survivability • Rely on the physics of the system

  35. Stacy Prowell voice: +1 (865) 241-8874 • fax: +1 (865) 576-5943 prowellsj@ornl.gov THANK YOU! 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Food Insecurity in the World Strengthening the enabling environment to improve food security and

Food Insecurity in the World Strengthening the enabling environment to improve food security and

The State of Food Insecurity in the World Strengthening the enabling environment to improve food security and nutrition Food and Agriculture Organization of the United Nations European Commission Brussels, 16th October 2014

442 views • 30 slides
Outline Atlanta, GA What is food insecurity? Food Insecurity in Why we care about

Outline Atlanta, GA What is food insecurity? Food Insecurity in Why we care about

2010 MOWAA Annual Conference and EXPO Outline Atlanta, GA What is food insecurity? Food Insecurity in Why we care about food insecurity? Older Americans: What are barriers to achieve food security? What are the consequences of

290 views • 4 slides
Increases in Food Insecurity due to COVID-19: What Can be Done? Craig Gundersen University of

Increases in Food Insecurity due to COVID-19: What Can be Done? Craig Gundersen University of

Increases in Food Insecurity due to COVID-19: What Can be Done? Craig Gundersen University of Illinois ACES Distinguished Professor Department of Agricultural and Consumer Economics Defining Food Insecurity A households food insecurity

363 views • 35 slides
Food Insecurity Statistics Orange County 12.7% of households are food insecure There are

Food Insecurity Statistics Orange County 12.7% of households are food insecure There are

Food Insecurity Statistics Orange County 12.7% of households are food insecure There are 349,690 people living with food insecurity 1 in 5 children face food insecurity Source: (Feeding America. Map the Meal Gap 2013.) Child Poverty

554 views • 23 slides
OF FOOD INSECURITY Evaluating the level and dynamics of Ph.D. Qualifier: food insecurity Mame

OF FOOD INSECURITY Evaluating the level and dynamics of Ph.D. Qualifier: food insecurity Mame

Evaluate the LEVEL AND DYNAMICS OF FOOD INSECURITY Evaluating the level and dynamics of Ph.D. Qualifier: food insecurity Mame Zewga PROMOTER: Vector Jetten Mame Zewge Co-PROMOTERS: Dr. Ettema Janneke Dr. Dereje Meshesha Outline

578 views • 18 slides
Food Deserts in Our Community Presented by Micheline Hynes Prevalence of Food Insecurity The

Food Deserts in Our Community Presented by Micheline Hynes Prevalence of Food Insecurity The

Food Deserts in Our Community Presented by Micheline Hynes Prevalence of Food Insecurity The prevalence of food insecurity varied considerably among household types. Rates of food insecurity were higher than the national average (11.1%) for

298 views • 29 slides
Nutrition Programs for Older Adults Food Insecurity in Older Adults Food Insecurity (USDA): A

Nutrition Programs for Older Adults Food Insecurity in Older Adults Food Insecurity (USDA): A

Nutrition Programs for Older Adults Food Insecurity in Older Adults Food Insecurity (USDA): A household-level economic and social condition of limited or uncertain access to adequate food. As of 2017, 7.3% of older adults in the

258 views • 11 slides
Food insecurity and health: Development and initial findings of a community research

Food insecurity and health: Development and initial findings of a community research

Food insecurity and health: Development and initial findings of a community research collaboration Sandi L. Pruitt June 26, 2017 Reduction of food insecurity, particularly at the severe level, is a public health concern and a modifiable

190 views • 15 slides
Stockholm Water Week Water stewardship different ways but same objectives Water insecurity

Stockholm Water Week Water stewardship different ways but same objectives Water insecurity

Stockholm Water Week Water stewardship different ways but same objectives Water insecurity an increasingly dominate factor for sustainable development Drivers of Water insecurity All sectors have a role Non-cooperation makes a bad

346 views • 11 slides
Colloquium 2019 Food Insecurities: Our College Community Responsibility Presented by: Diane

Colloquium 2019 Food Insecurities: Our College Community Responsibility Presented by: Diane

Colloquium 2019 Food Insecurities: Our College Community Responsibility Presented by: Diane Haskins What is Food In Insecurity? FOOD INSECURITY (food insecurity), n. Food insecurity is the limited or uncertain availability of

551 views • 23 slides
CONSTANT INSECURITY: THINGS YOU DIDN'T KNOW ABOUT (PECOFF) PORTABLE EXECUTABLE FILE FORMAT

CONSTANT INSECURITY: THINGS YOU DIDN'T KNOW ABOUT (PECOFF) PORTABLE EXECUTABLE FILE FORMAT

BlackHat USA 2011, Las Vegas Mario Vuksan & Tomislav Pericin, ReversingLabs CONSTANT INSECURITY: THINGS YOU DIDN'T KNOW ABOUT (PECOFF) PORTABLE EXECUTABLE FILE FORMAT Constant Insecurity Maturing Code PE has been on Windows for 18

686 views • 41 slides
FOOD INSECURITY WHOS AFFECTED? WHY DOES IT MATTER? Audrey C. McCool, EdD, RDN, LD Learning

FOOD INSECURITY WHOS AFFECTED? WHY DOES IT MATTER? Audrey C. McCool, EdD, RDN, LD Learning

FOOD INSECURITY WHOS AFFECTED? WHY DOES IT MATTER? Audrey C. McCool, EdD, RDN, LD Learning Objectives 2 Session Participants will: Have increased understanding of the extent of food insecurity throughout the U.S. and in their local

803 views • 40 slides
SUSTAINABLE LAND MANAGEMENT IN ETHIOPIA: RESPONSE TO RURAL HOUSEHOLDS TENURE INSECURITY, LAND

SUSTAINABLE LAND MANAGEMENT IN ETHIOPIA: RESPONSE TO RURAL HOUSEHOLDS TENURE INSECURITY, LAND

SUSTAINABLE LAND MANAGEMENT IN ETHIOPIA: RESPONSE TO RURAL HOUSEHOLDS TENURE INSECURITY, LAND DEGRADATION AND FOOD INSECURITY PhD PROPOSAL DEFENSE BICHAYE TESFAYE Supervisors: Prof. Dr. Ir. J.A. Zevenbergen, Dr. Monica Lengoiboni and Dr.

1.71k views • 20 slides
Maternal Depression and Food Insecurity During Pregnancy Among Oregon Women Jacqueline T. Yates

Maternal Depression and Food Insecurity During Pregnancy Among Oregon Women Jacqueline T. Yates

Maternal Depression and Food Insecurity During Pregnancy Among Oregon Women Jacqueline T. Yates Thesis Defense MPH Candidate April 25, 2008 Outline Introduction and Background Food insecurity and antenatal depression Objectives

563 views • 32 slides
Food Insecurity & Health Hilary Seligman, MD, MAS, FACP April 20, 2012 Objectives 1.

Food Insecurity & Health Hilary Seligman, MD, MAS, FACP April 20, 2012 Objectives 1.

Food Insecurity & Health Hilary Seligman, MD, MAS, FACP April 20, 2012 Objectives 1. Briefly describe associations between food insecurity and health among children and adults 2. Using diabetes as a case example, discuss the intersection

560 views • 27 slides
The Growing Divide Inequality & the Roots of Economic Insecurity March 2014 One Milk St.,

The Growing Divide Inequality & the Roots of Economic Insecurity March 2014 One Milk St.,

The Growing Divide Inequality & the Roots of Economic Insecurity March 2014 One Milk St., 5th Floor, Boston, MA 02109 www.faireconomy.org info@faireconomy.org 617-423-2148 The Nation at a Crossroads H Growing Insecurity H

323 views • 31 slides
Status of the MAGIX Spectrometer Design Julian Mller MAGIX collaboration meeting 2017 Magneto

Status of the MAGIX Spectrometer Design Julian Mller MAGIX collaboration meeting 2017 Magneto

Status of the MAGIX Spectrometer Design Julian Mller MAGIX collaboration meeting 2017 Magneto Optic Design Design process Requirements internal gas target relative momentum resolution Analytical calculation < 10 4

827 views • 18 slides
Conductors in Equilibrium E = 0 inside the conductor. E at the surface is perpendicular to

Conductors in Equilibrium E = 0 inside the conductor. E at the surface is perpendicular to

Conductors in Equilibrium E = 0 inside the conductor. E at the surface is perpendicular to the surface. Potential inside conductor is a constant. Excess charge on the conductor must reside on the surface. Spherical conductor in

298 views • 9 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (4/17/08) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (4/17/08) I E S R C E O V U

Digital Systems Vias I CMPE 650 Vias A via in a printed circuit board can be used for mounting a through-hole component or for routing traces between layers. Electrically, both of these types have similar characteristics. Physically, the

522 views • 16 slides
Part III. Magnetics 12. Basic Magnetics Theory 13. Filter Inductor Design 14. Transformer

Part III. Magnetics 12. Basic Magnetics Theory 13. Filter Inductor Design 14. Transformer

Part III. Magnetics 12. Basic Magnetics Theory 13. Filter Inductor Design 14. Transformer Design 1 Fundamentals of Power Electronics Chapter 12: Basic Magnetics Theory Chapter 12. Basic Magnetics Theory 12.1. Review of basic magnetics

1.22k views • 72 slides
High Voltage Safety General Safety Instructions for High Voltage Machines W. Maes Department of

High Voltage Safety General Safety Instructions for High Voltage Machines W. Maes Department of

General Safety Instructions for High Voltage Machines High Voltage Safety General Safety Instructions for High Voltage Machines W. Maes Department of Marine Engineering Antwerp Maritime Academy HV, 2015 Willem Maes High Voltage Safety

942 views • 62 slides
Dual-use Models and Simulations for Emergency and Military Responders Interoperability in a

Dual-use Models and Simulations for Emergency and Military Responders Interoperability in a

Dual-use Models and Simulations for Emergency and Military Responders Interoperability in a Wildfire Scenario #ITEC2019 Agenda Global threats: who, what is at risk ? Threats to Critical Infrastructures Purpose and Objective

623 views • 30 slides
Maryland PATHWAYS 2020 Reference Scenario April 2, 2020 Tory Clark, Director Charles Li,

Maryland PATHWAYS 2020 Reference Scenario April 2, 2020 Tory Clark, Director Charles Li,

Maryland PATHWAYS 2020 Reference Scenario April 2, 2020 Tory Clark, Director Charles Li, Consultant Snuller Price, Senior Partner Agenda Background Policies Represented in the Reference Scenario 2020 Updates for the Reference

500 views • 16 slides
Space Utilization & Metrics Team Number: 26 Team Co-Leads: Sue Ossmann (Director of Workplace

Space Utilization & Metrics Team Number: 26 Team Co-Leads: Sue Ossmann (Director of Workplace

Space Utilization & Metrics Team Number: 26 Team Co-Leads: Sue Ossmann (Director of Workplace Experience; Endurance Group); Michelle Weiss (Associate Publisher, WorkDesign Magazine) Members: Adam Arsenault (Director of Operations, J Calnan);

532 views • 10 slides

More recommend