jonathan pollet conference part 2 stuxnet apt style
play

Jonathan Pollet conference Part 2: Stuxnet APT-Style Attacks on - PowerPoint PPT Presentation

Oct 06, 2022 •13 likes •223 views

Rome, May 31, 2011 Jonathan Pollet conference Part 2: Stuxnet APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP Founder, Principal Consultant Red Tiger Security - USA 1 speaker Jonathan

  1. Rome, May 31, 2011 Jonathan Pollet conference Part 2: Stuxnet

  2. APT-Style Attacks on SCADA Systems Stuxnet … Night Dragon Jonathan Pollet, CAP, CISSP, PCIP Founder, Principal Consultant Red Tiger Security - USA 1

  3. speaker — Jonathan Pollet, CISSP, CAP, PCIP — Started as a Control Systems Engineer for Chevron — 12 years in Electrical Engineering / SCADA — Began conducting research into Control Systems Security in 2001 — Performed over 150 field assessments of SCADA, DCS, and Control Systems since 2001 — Participant, developer, or reviewer of Control System Security Standards — SCADA Security Trainer / Instructor — Co-Developed the 5-day SCADA Security Advanced course offered through Red Tiger Security and the SANS Institute — Co-Developed the 2-day course entitled “Building, Attacking and Defending SCADA Systems in the Age of Stuxnet” offered through Red Tiger Security and BlackHat 2

  4. outline (10 mins) — Quick introduction to APT (Advanced Persistent Threat) style attacks — Initial Attack vector leverages Social Engineering and Social Networking sites — Malware still favorite initial attack vector — The role of C&C in these modern attacks — Night Dragon (staged over 18 to 24 months) — Stuxnet — Q & A 3

  5. security is more than just passwords and locks 4

  6. APT – Techniques / Tradecraft — OSINT — Social Engineering — Targeted “Spear Phishing” — Malicious Attachments — USB devices — Websites 5

  7. targeted spear phishing — Require in-depth knowledge of target — Sophistication based on posted / known information — Used to leverage people / groups 6

  8. Malicious attachments (malware) — PDF — MS Products — Word, Excel, etc… — The usual suffixes… — mp3, exe, lnk, dll, mov, com, mp4, bat, cmd, reg, rar, emf, shs, js, vb, yourcompany.com.zip, cab, mda, zip, mdb, scr, aiff, mde, cpl, msi, vbs, aif, m4p, msp, fdf, mdt, sys, wmf, hlp, hta, pif, jse, qef, scf, chm, <#>.txt, wsf, fli, vbe 7

  9. APT – Targeted Attacks 8

  10. malware (Con’t) General Attacks Malware Other 66,8% Phishing 7,7% Physical Loss 8,6% 3,1% Denial of Service 11,8% 1,8% Unauthorized Access 0,2% Attempt Inappropriate Use hIp://www.f ‐ secure.com/weblog/archives/00001676.html 9

  11. Command and Control (C&C) — Leverages communication systems to relay messages — Command Vectors — Twitter — IRC — Facebook — Google Groups 10

  12. Staged attack — Series of weeks/months to fully compromise a system — Incremental uploads/downloads/ xchanges — Results are fully “rooted” devices — Random “radio” silence — Remain hidden, 11

  13. APT – Phased Compromise Command Exfiltration / Initiation & Control Propagation Hosts / Discovery Devices 0Day / Spread Vuln Radio First Silence Contact Orders Infect Collect Data Transmit 12

  14. Stuxnet • Jmicron Certificate • Realtek • Initial infection vector • USB USB replication (x3) • 4 unique Vulns Windows • Each found on 0day most MS 2003 • Discovers PLC Rogue PLC Device logic • Pushes new logic 13

  15. Stuxnet — 2 Privileges Escalation Vulnerabilities — SMB – MS08-067 — Print Spooler — CVE-2010-2729 — MS10-061 — USB Proliferation Vulnerability BID 41732 + ~WTR4141.tmp — ~WTR4132.tmp — 14

  16. Stuxnet targeted a difficult protocol / system… > Modbus would be a walk in the park 15

  17. Mitigation Strategy Real world solutions to combat the APT Threat 16

  18. Defence Strategy — Conduct External/Internal Security Assessments What you don’t know can STILL hurt you — Assessments from External / Internal perspective — — Education / Awareness Training — Regular Briefings — Foster environment of Security / Communication — INTRA Departmental — — Security Bulletins Weekly reminders — Trends — — Advanced Persistent Diligence Continuous Security Monitoring — 17

  19. Event Horizon What do we see on the way 18

  20. The Horizon — Mutating Bots / Command & Control — Quiet installation — Obfuscated Exfiltration (HTTP, DNS, Masked) — Directed Social Engineering — Staggered Attack — Combined with other styles — Building relationships over time — Leverage of Social Networks (SocNet) — Facebook is not your friend — Twitter or Linkedin aren’t too fond of you either… 19

  21. questions/comments — Speaker: Jonathan Pollet, CISSP, CAP, PCIP Red Tiger Security office: +1.877.387.7733 Email: jpollet@redtigersecurity.com web: www.redtigersecurity.com — Upcoming Training: http://www.blackhat.com/html/bh-us-11/training/parker-scada.html — Check out our Industry Briefings and News Feeds: http://www.redtigersecurity.com/security-briefings/ 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP

APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP

APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP Founder, Principal Consultant Red Tiger Security - USA 1 speaker Jonathan Pollet, CISSP, CAP, PCIP Started as a Control Systems Engineer

352 views • 20 slides
Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Rome, May 31, 2011 Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities &gt; analysis of 5 years of field data Jonathan Pollet, CISSP , CAP , PCIP Red Tiger Security [on behalf of the DHS CSSP

413 views • 20 slides
How much structure is needed? The case of the Persian VP Pegah Faghiri &amp; Pollet Samvelian

How much structure is needed? The case of the Persian VP Pegah Faghiri &amp; Pollet Samvelian

How much structure is needed? The case of the Persian VP Pegah Faghiri &amp; Pollet Samvelian Universit Sorbonne Nouvelle &amp; CNRS {pegah.faghiri,pollet.samvelian}@univ-paris3.fr HeadLex 2016, Warsaw Poland 1 / 50 Outline Goals and

791 views • 49 slides
style#1 grace style#2 freya style#3 iona style#4 skye style#5 cora style#6 maisie style#7 isla

style#1 grace style#2 freya style#3 iona style#4 skye style#5 cora style#6 maisie style#7 isla

style#1 grace style#2 freya style#3 iona style#4 skye style#5 cora style#6 maisie style#7 isla style#8 flora Add-on products Cashmere bed socks 3 colours Lace bralette 3 colours Necklaces 2 styles Labelling Packaging Website HOME

829 views • 13 slides
The Stuxnet Worm Babak Yadegari and Paul Mueller CSc 566: Computer Security April 25, 2012

The Stuxnet Worm Babak Yadegari and Paul Mueller CSc 566: Computer Security April 25, 2012

The Stuxnet Worm Babak Yadegari and Paul Mueller CSc 566: Computer Security April 25, 2012 Presentation Outline Background &amp; Overview Stuxnets Purpose How Stuxnet Spread Possible Attack Scenarios Infection RPC Server Attack

540 views • 43 slides
Realworldexample:StuxnetWorm Stuxnet:Overview

Realworldexample:StuxnetWorm Stuxnet:Overview

Realworldexample:StuxnetWorm Stuxnet:Overview June2010:Awormtarge&lt;ngSiemensWinCC industrialcontrolsystem. Targetshighspeedvariablefrequency

439 views • 39 slides
A Matter of Style: The Causes and Consequences of Style Drift in Mutual Fund Portfolios Russ

A Matter of Style: The Causes and Consequences of Style Drift in Mutual Fund Portfolios Russ

A Matter of Style: The Causes and Consequences of Style Drift in Mutual Fund Portfolios Russ Wermers University of Maryland Presentation at Q-Group Fall Conference October 20, 2010 Style Investing is a Common Approach to the Portfolio

603 views • 32 slides
Top FINRA Enforcement Issues and Trends of 2019 Brian Rubin Adam Pollet Donald McElligott

Top FINRA Enforcement Issues and Trends of 2019 Brian Rubin Adam Pollet Donald McElligott

Top FINRA Enforcement Issues and Trends of 2019 Brian Rubin Adam Pollet Donald McElligott Partner Counsel VP, Compliance Supervision Eversheds Sutherland Eversheds Sutherland Global Relay Speakers Brian Rubin Adam Pollet Donald

959 views • 24 slides
IT350: Web &amp; Internet Programming Set 4: CSS No Style Style! How do we get from here to

IT350: Web &amp; Internet Programming Set 4: CSS No Style Style! How do we get from here to

IT350: Web &amp; Internet Programming Set 4: CSS No Style Style! How do we get from here to there? 1 Cascading Style Sheets (CSS) example Key Questions Where can we specify style? How to select what parts of a page the style

692 views • 9 slides
STYLE STYLE Stru Structu cture Professional Style Introduction Thank client for

STYLE STYLE Stru Structu cture Professional Style Introduction Thank client for

Preparation for Presentation Oral Presentation to Clients It starts before its starts Come into class early to load presentations before class begins No one will be allowed to load a presentation as part of their time Dr. R. J. Fontenot

144 views • 3 slides
Safety-critical Nick Kofinas Devices The Stuxnet Worm(s) Most of the following are

Safety-critical Nick Kofinas Devices The Stuxnet Worm(s) Most of the following are

How everything can be hacked Safety-critical Nick Kofinas Devices The Stuxnet Worm(s) Most of the following are Maybes Main target: Iranian nuclear program Main physical targets Centrifuge devices PLC controllers The

402 views • 21 slides
WARNING FAILURE TO INSTALL RIVER RUN PRODUCTS SO THAT THE ENTRY SECTION SUPPORT FRAME IS

WARNING FAILURE TO INSTALL RIVER RUN PRODUCTS SO THAT THE ENTRY SECTION SUPPORT FRAME IS

RIVER RUN SLIDE Assembly &amp; Installation Instructions Style 19A Style 24A Style 19B Style 24B Visit inter-fab.com to view our installation help video. Style 23A (Video does NOT replace Style 29A installation instructions.)

688 views • 20 slides
More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based

More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based

More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based malware: Exploit kits Fake AV Ransomware Today (continuation) How Malware Spreads Adware Computer Virus A type of malicious

647 views • 23 slides
CORONAVIRUS SOCIAL DISTANCING MECHANISM Presentation by Kaitlin Pollet Mentors: David

CORONAVIRUS SOCIAL DISTANCING MECHANISM Presentation by Kaitlin Pollet Mentors: David

CORONAVIRUS SOCIAL DISTANCING MECHANISM Presentation by Kaitlin Pollet Mentors: David Pennock and Amelie Marian ORIGINAL IDEA: PARTITIONING INTO GROUPS COLLEGE EXAMPLE In person class Monday Dining Hall Assigned Times Group 1

418 views • 14 slides
The diversity of inflectional periphrasis in Persian Olivier Bonami 1 Pollet Samvelian 2 1 U.

The diversity of inflectional periphrasis in Persian Olivier Bonami 1 Pollet Samvelian 2 1 U.

The diversity of inflectional periphrasis in Persian Olivier Bonami 1 Pollet Samvelian 2 1 U. Paris-Sorbonne &amp; UMR 7023 Laboratoire de Linguistique Formelle 2 U. Sorbonne Nouvelle &amp; UMR 7528 Mondes iranien et indien PER-GRAM

393 views • 20 slides
Veri fi cation of Erlang-style Concurrency Emanuele DOsualdo , Jonathan Kochems and Luke Ong

Veri fi cation of Erlang-style Concurrency Emanuele DOsualdo , Jonathan Kochems and Luke Ong

Veri fi cation of Erlang-style Concurrency Emanuele DOsualdo , Jonathan Kochems and Luke Ong Department of Computer Science University of Oxford 11 September 2012 1 The goal Automatic Veri fi cation 1 The goal Automatic Veri fi cation of

996 views • 85 slides
A Bloch Torrey Equation for Diffusion in a Deforming Media Damien Rohmer November 21, 2006 A

A Bloch Torrey Equation for Diffusion in a Deforming Media Damien Rohmer November 21, 2006 A

Outline Diffusion Process MRI Change of Coordinates Numerical Solution A Bloch Torrey Equation for Diffusion in a Deforming Media Damien Rohmer November 21, 2006 A Bloch Torrey Equation for Diffusion in a Deforming Media Outline Diffusion

573 views • 42 slides
GREENING A CITY THE EXAMPLE OF WATERMAEL-BOITSFORT

GREENING A CITY THE EXAMPLE OF WATERMAEL-BOITSFORT

GREENING A CITY THE EXAMPLE OF WATERMAEL-BOITSFORT (Brussels) Olivier DELEUZE Mayor odeleuze@wb.irisnet.be

687 views • 32 slides
FinSA at the gates an overview Christian Koller, LL.M., Attorney at Law 25. Juni 2018 FinSA

FinSA at the gates an overview Christian Koller, LL.M., Attorney at Law 25. Juni 2018 FinSA

LGT Regulatory Update for EAMs FinSA at the gates an overview Christian Koller, LL.M., Attorney at Law 25. Juni 2018 FinSA an overview | Slide 1 25. Juni 2018 Contents Preliminary remarks General provisions

425 views • 30 slides
Water Sector Reforms in Kenya Water Sector Reforms in Kenya Improving Governance and Human

Water Sector Reforms in Kenya Water Sector Reforms in Kenya Improving Governance and Human

Water Sector Reforms in Kenya Water Sector Reforms in Kenya Improving Governance and Human Rights to Water Presented By Eng. P. L. Ombogo ( Director Water Sector Reforms) ( Director Water Sector Reforms) 1 1 OUTLINE OUTLINE OUTLINE

491 views • 14 slides
February 20, 2014 February 20, 2014 F b F b Investors Title Settlement Services Division Gina

February 20, 2014 February 20, 2014 F b F b Investors Title Settlement Services Division Gina

February 20, 2014 February 20, 2014 F b F b Investors Title Settlement Services Division Gina F Webster Manager, Settlement Services &amp; Agency Operations Support 121 North Columbia St Chapel Hill, NC 27514 (919) 945-2471 or (800)

683 views • 52 slides
PRESENTATIONS SESSION 6 12-13 May 2016 Paris, France 18-May-2016 Session 6 Supporting

PRESENTATIONS SESSION 6 12-13 May 2016 Paris, France 18-May-2016 Session 6 Supporting

OECD Conference on the Financial Management of Flood Risk Building financial resilience in a changing climate PRESENTATIONS SESSION 6 12-13 May 2016 Paris, France 18-May-2016 Session 6 Supporting insurability and affordability

432 views • 42 slides
Delivering Personalized Medicine and Helping Mitigate Drug Shortages: The 503B Outsourcing Story

Delivering Personalized Medicine and Helping Mitigate Drug Shortages: The 503B Outsourcing Story

Delivering Personalized Medicine and Helping Mitigate Drug Shortages: The 503B Outsourcing Story Presented by: Search Less, Know More Jason McGuire The essential tool for regulatory, Global Quality Director at Fagron compliance, &amp;

798 views • 54 slides
The Path to ~230 MMcf/d Forward Looking Statements This presentation may include certain forward

The Path to ~230 MMcf/d Forward Looking Statements This presentation may include certain forward

March 2018 The Path to ~230 MMcf/d Forward Looking Statements This presentation may include certain forward looking statements. All statements other than statements of historical fact, included herein, Caribbean Sea including, without

400 views • 21 slides

More recommend