Cyber Security: Stuxnet Virus Attack - Research Paper Example

? Cyber Security: Stuxnet Virus Attack Cyber Security: Stuxnet Virus Stuxnet refers to a self replicating malware that induced the attention of technological experts in June 2010. Experts have not unraveled the source of this virus. Hackers continuously use different computer worms to subvert targeted sites and systems. Cyber security technologists discovered that the malware tends to be transmitted via Microsoft Windows and specifically infects software and equipment manufactured by technological giants Siemens (Siemens, 2010, p. 2). This unusual virus contains a programmable logic controller (PLC) root kit. The malware appears to spread indiscriminately and employs a sophisticated malware payload (Siemens, 2010, p. 2). Apparently, the virus seems to infect supervisory control and data acquisition (SCADA) systems manufactured by Siemens. SCADA systems control and monitor selected industrial processes. The reason as to why the hackers designed the virus so as to subvert SCADA systems from Siemens remains unknown (Siemens, 2010, p. 3). The authors of Stuxnet skillfully designed it in a manner that allows the virus to inactivate and later delete itself from computers without Siemens software. Experts also discovered that the malware contains a safeguard that prohibits it from spreading to more than three computers. The virus contains a code that corrupts sensor signals in industrial control units. Eventually, the infected system fails to shut down distorting the activities in progress. In addition, the malware reflects a layered attack against three crucial systems: the Windows operating system, Siemens S7 PLCs, Siemens PCS7, WinCC and step seven industrial software applications that run on Windows (Ralph, 2011, p. 4). Antivirus experts affirm that the virus used four zero day attacks on windows systems. The virus can spread via removable drives like USB flash disk and peer to peer RPC. Eventually, the virus infects and updates other neighboring computers inside private networks even in the absence of internet connection. The virus occurs in different programming languages like C and C++ and spreads exceedingly exceptionally and indiscriminately on Windows OS. In addition, the malware contains user mode, kernel mode root kit and digitally signed device drivers. Experts discovered two websites in Malaysia and Denmark that served as control servers and commanders for the malware. The servers offered a link for updating the malware and prompted it to initiate the industrial espionage (MacMillan, 2010, p. 6). Regarding, WinCC/SCADA software database, experts realized that the malware exploited zero day attack in the form of a complex code database password. Apparently, the virus interfered with project files WinCC/PCS7 SCADA control software (step 7) manufactured by Siemens. Consequently, it subverted a vital key communication protocol of WinCC called s7otbxx.d11. The malware intercepted the communication between WinCC software operating on windows PLC devices of Siemens origin. The malware then installed itself in the memory block DB890 of the PLC and masked itself to avoid possible detection by the control software on the PLC. Experts have not been able to reveal the entire Stuxnet code. However, they indicate that the virus affects SCADA configurations that meet its selection criteria. The malware uses frequency converter drives of Finland (by Vacon) and Iran (by Fararo Paya) origin, to attach itself unto Siemens-S7 300 system. The malware then controls the frequency of the attached motors that spin between 807 HZ and 1210HZ. Such motors usually regulate different units including gas centrifuges and gas pumps. The DB890 memory of the PLC monitors Profibus messaging bus of the system. The malware thus modified the frequency to 1410 HZ, 2HZ and 1064 HZ under unknown circumstances. Consequently, the operation of the connected motors became affected, disrupting their control rational. The worm also installs a root kit that prevents the PLC systems from detecting it. Much of the attacks targeted five Iranian organizations (Macmillan, 2010, p. 8). The ministry of industries and mines of Iran disclosed that the attack aimed at transferring data from Iran’s production lines to unknown generation. Experts suspected that the attack aimed at destroying Uranium enrichment Infrastructure (MacMillan, 2010, p. 9). Reports indicated that the hackers programmed the attack to interfere with the centrifuges’ rotor speed. The hackers tried to bring all the centrifuges to a halt. The Iranian government indicated that the attack partially affected their Uranium Plants Centrifuges. However, the attack did not cause much destruction (Ralph, 2011, p. 8). Some people speculated that the attack might have originated from Israel. Others believe that the U.S and Israel instigated the attack jointly. However, Israel and the U.S did not comment publically on the attack. The attacks also affected several other countries. The magnitude of the attack can be summarized as follows: Iran 58.85%, Indonesia 18.22%, India 8.31%, Azerbaijan 2.57%, United States 1.56%, Pakistan 1.28% and others 9.2% 9 (Ralph, 2011, p. 9). Since no one knows the exact origin of the attack, the casualties of the attack did not spark much debate. The uncertainty of the origin of Stuxnet virus presents a bigger picture of how difficult it is to curb cyber terrorism. Siemens had to come up with an antidote for Stuxnet. The technological giant recommended the installation of Microsoft patches as a preventative measure. In addition, users should and restrict the use of USB flash disks of unknown sources. Siemens also advised users of their products to contact the company’s technical team incase a virus infection becomes detected. In addition, users need to use strong and undetectable passwords. Detection of the instigators of malware attacks proves to be a challenging exercise. Malware attacks can be launched from anywhere in the world. Therefore, all stake holders need to upgrade their anti cyber terrorism strategies. The international community should come up with policies that govern the use of cyberspace. Each country needs to initiate superb cyber terrorism vigilance at the local level. Such collective responsibility will enhance the security of cyberspace. Janczewski (2008, p. 25) suggests that software that is no longer in use should be uninstalled. Ports of work stations should be opened to authorized individuals only, to prevent unauthorized usage of services like FTP or telnet. Anti malware experts also encourage users to install updates instantly to reduce chances of malware attacks. Administrators should check for new updates frequently. Corporate security networks should be scanned for check for security holes using software products like Retina, Net recon and Scanner. Other measure should include encrypt communication; control of configuration routers the establishments of assessments and certificates (Janczewski, 2008, p. 26). On the other hand, Enders and Sandler (2006, p. 23) indicate that government agencies should focus on inhibiting cyber attacks or curtail their consequences. In this regard, governments should formulate intelligent agencies that provide cyberspace vigilance. References Enders, W., and Sandler, Todd (2006). The Political Economy of Cyber terrorism. Cambridge: Cambridge University Press. Janczewski, L. (2008). Cyber warfare and Cyber terrorism. Pennsylvania: Idea Group Inc. MacMillan, Robert (2010). Siemens: Stuxnet Hits Industrial Systems. computerworld.Retrieved 9 Feb.2012from Ralph, L (2011). Cracking Stuxnet, a 21st century cyber weapon. Retrieved 8 Feb. 2012 from Siemens (2010). Building Cubersecurity Plant. Siemens. Retrieved 9 Feb. 2012 from Read More