“Sons of Stuxnet” paper mod 2

School: University of Maryland, University College
Course: 123
Subject: Computer Science
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by DeanCrab6163
Prof. Johnson
Natl Sec Challenges/21st Cen (HLS-240-275)
6 November 2021

“Sons of Stuxnet”

"2,200 cyberattacks per day, that could equate to more than 800,000 people being hacked per year" (Stouffer). That is a staggering number of cyber-attacks taking place every day around the world. Cyber-attacks have grown more common since the start of the information age, and they will remain a major concern for critical infrastructure and companies alike. Since Stuxnet was discovered in 2010, and was later attributed by officials to a joint United States (U.S.) and Israeli operation, it has cast a long shadow over every discussion of attacks on industrial systems, and a series of later malware families aimed at similar targets has come to be known as the "Sons of Stuxnet." They are successors in targeting and ambition rather than in code: of the four discussed below, only Flame has been shown to share a component with Stuxnet.

To understand what Stuxnet and the "Sons of Stuxnet" are, one must begin with Stuxnet's discovery in 2010 and why this notorious malware was created. "Stuxnet is a computer worm originally aimed at Iran's nuclear facilities and has since mutated and spread to other industrial and energy-producing facilities. The original Stuxnet malware attack targeted the programmable logic controllers to automate machine processes" (What is Stuxnet). The controllers in question were Siemens PLCs driving uranium-enrichment centrifuges at Natanz; Stuxnet altered their logic while feeding operators normal-looking readings. Stuxnet was created during a top-secret joint U.S. and Israeli operation meant to slow Iran's nuclear weapons development, and by most accounts it succeeded in setting the enrichment effort back. Although the attack achieved its goal, the worm spread far beyond its intended target, turning up on machines in other regions of the world even after it was discovered, although its payload fired only on the specific Siemens configuration it was built for. Nevertheless, the cyber weapon had done its job, and the U.S. knew there could be severe ramifications once it was discovered. As a result, "President Obama concluded that when it came to stopping Iran, the United States had no other choice" (Obama Order).

After this attack, several further campaigns would introduce the successors that became known as the "Sons of Stuxnet": Flame, Havex, Industroyer, and Triton.

In 2012, the malware known as "Flame" was revealed to the world after it was used in an attack targeting "government, educational organizations, and some private individuals mostly in Iran and Middle Eastern countries" (What is Stuxnet). Like Stuxnet, Flame can travel via a USB stick, and it targets several features of the computer it infects. "Flame was sophisticated spyware that recorded Skype conversations, logged keystrokes, and gathered screenshots, among other activities" (What is Stuxnet). Flame is espionage malware rather than a destructive payload: once introduced to a computer system it quietly hands the adversary a steady stream of intelligence. Flame "turns on the internal microphone of an infected machine to record conversations secretly, turns Bluetooth-enabled computers into a Bluetooth beacon, store[s] frequent screenshots of activity on the machine, and sends them via a covert SSL channel to the attackers' command-and-control servers" (Nast). This attack showed how governments, educational organizations, and private individuals could be targeted. The Havex campaign, active from 2013 and publicly documented in 2014, went further and showed how an entire infrastructure sector could be attacked with a cyberweapon. "The Havex component leverages the OPC standard to gather information about industrial control devices and then sends that information back to its command-and-control server for the attackers to analyze" (Constantin).
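The OPC-gathering behaviour the Constantin quote describes, and the DCOM connections to OPC servers the essay returns to in the next paragraph, leave a recognizable trace in ordinary network connection logs. What follows is an added example written for this page, not code from the essay or from any of the cited sources. It correlates two things per source host: a burst of DCOM session setups (TCP/135, the RPC endpoint mapper that every OPC Classic session starts with) to many distinct plant hosts, and a later outbound connection from that same host to an address outside the plant. The network ranges, the port, the threshold and the sample log lines are all constructed assumptions.

```python
"""Added example (not from the essay or its sources): detect the Havex
pattern, OPC enumeration over DCOM followed by egress to command-and-control,
in constructed connection logs.

Network ranges, port numbers, thresholds and log lines are assumptions made
for illustration; an analyst would substitute the plant's real values.
"""
import ipaddress
from collections import defaultdict

# Hypothetical plant addressing.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16"),   # control network
                 ipaddress.ip_network("10.10.0.0/16")]   # business network
DCOM_ENDPOINT_MAPPER = 135      # OPC Classic (DA) sessions begin with an RPC bind here
FANOUT_THRESHOLD = 5            # distinct OPC hosts in one window -> enumeration
WINDOW_SECONDS = 300

# Constructed sample log, one connection per line: "<epoch> <src> <dst> <proto> <dport>".
# 10.10.4.21 binds to six OPC hosts in seven seconds, then talks to an outside
# address; 10.20.0.9 is a legitimate client that reaches only two servers.
SAMPLE_LOG = """\
1000 10.10.4.21 10.20.1.10 tcp 135
1002 10.10.4.21 10.20.1.10 tcp 49152
1003 10.10.4.21 10.20.1.11 tcp 135
1004 10.10.4.21 10.20.1.12 tcp 135
1005 10.10.4.21 10.20.1.13 tcp 135
1006 10.10.4.21 10.20.1.14 tcp 135
1007 10.10.4.21 10.20.1.15 tcp 135
1090 10.10.4.21 198.51.100.7 tcp 443
1300 10.20.0.9 10.20.1.10 tcp 135
1400 10.20.0.9 10.20.1.11 tcp 135
"""


def parse(log_text):
    """Turn the constructed log format into (ts, src, dst, proto, dport) tuples."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        records.append((int(ts), src, dst, proto, int(dport)))
    return records


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def opc_fanout(records, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Per source host, find the first time window in which it opened DCOM
    sessions to at least `threshold` distinct internal hosts.
    Returns {src: (window_start, window_end, sorted target list)}."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, dport in records:
        if proto == "tcp" and dport == DCOM_ENDPOINT_MAPPER and is_internal(dst):
            by_src[src].append((ts, dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            in_window = [(t, d) for t, d in events[i:] if t - t0 <= window]
            targets = {d for _, d in in_window}
            if len(targets) >= threshold:
                hits[src] = (t0, in_window[-1][0], sorted(targets))
                break
    return hits


def havex_alerts(records):
    """Correlate enumeration with later egress to a non-internal address.
    Returns (src, n_targets, exfil_ts, exfil_dst) per enumerating host; a host
    that only enumerates (e.g. an HMI polling many servers) is still reported,
    with the exfil fields set to None, so an analyst can triage it."""
    alerts = []
    for src, (t_start, t_end, targets) in opc_fanout(records).items():
        egress = [(ts, dst) for ts, s, dst, proto, dport in records
                  if s == src and ts >= t_end and not is_internal(dst)]
        if egress:
            ts, dst = min(egress)
            alerts.append((src, len(targets), ts, dst))
        else:
            alerts.append((src, len(targets), None, None))
    return alerts


if __name__ == "__main__":
    for alert in havex_alerts(parse(SAMPLE_LOG)):
        print(alert)
```

Run on the constructed log, the only alert is for 10.10.4.21, with six enumerated OPC hosts and the 198.51.100.7 connection as the suspected upload; the two-server client is never reported. The threshold is the tuning knob: a real HMI or historian legitimately talks to many OPC servers, which is why the egress correlation, not the fan-out alone, is what should page someone.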
Havex was used to attack infrastructure in the U.S., Europe, and Canada. It works by gathering information from targets in the energy, aviation, defense, water, and pharmaceutical sectors and sending that information back to its operators. Havex is a trojan, a type of malware that takes control of a computer by passing off malicious code as legitimate software. "This Trojan can download and execute component files. These component files are capable of enumerating all connected network resources, such as computers or shared resources. It uses the Distributed Component Object Model to connect to OPC servers within the network" (Pichel). In practice that means a single infected Windows host on a plant network can walk the network, open DCOM sessions to every OPC server it finds, and catalogue the process tags those servers expose, which is exactly the map an attacker needs before attempting to disrupt the process. With Havex added to the list of cyber weapons that could be used to cripple nations, it would take only three years for another to be used in another attack.

Known as Industroyer, this cyberweapon was deployed in December 2016 to disrupt the industrial sector and attack a nation's power grid. "Industroyer is modular, which allowed the four communications protocols to be targeted, no matter the device type, vendor, or configuration files. As long as one of the above communication protocols were in use, the attack could continue" (ZDNet). The four protocols are IEC 60870-5-101, IEC 60870-5-104, IEC 61850, and OPC DA, standard grid-control protocols that, as commonly deployed, carry no authentication, so a substation device that receives a command from anyone on the network will act on it. The attack cut power to part of Kyiv, Ukraine, for roughly an hour; it could have been far more detrimental, because the same modules could be aimed at any substation speaking those protocols. Deploying a cyber weapon against a nation's industrial base is eye-opening in itself, and an attack on a national power grid shows how far cyberweapons had advanced in the six years since Stuxnet. Nor was this the last of the Stuxnet successors: the following year, in 2017, the world would see the damage that another malware family, Triton, can do. "In August 2017, a petrochemical facility in the Middle East was the target of a cyber-attack involving the Triton malware" (Treasury Sanctions). The U.S. Treasury later sanctioned a Russian government research institute for building the tools that enabled the attack. Triton's effect was confined to the targeted plant, where it tripped the safety system and forced a shutdown, which is how it came to be discovered. Triton targeted the Triconex safety controller, distributed by Schneider Electric. "Triconex safety controllers are used in 18,000 plants (nuclear, oil and gas refineries, chemical plants, etc.), and attacks on SIS require a high level of process comprehension" (Roccia). A safety instrumented system (SIS) is the independent layer that shuts a process down when it drifts toward unsafe conditions, and compromising it is dangerous precisely because it can be made to ignore a real emergency. The attackers used a tactic well known in the cyber community: spear phishing. "The attackers gained access to the network probably via spear phishing, according to an investigation. After the initial infection, the attackers moved onto the main network to reach the ICS network and target SIS controllers" (Roccia). Triton is one more display of the ever-increasing sophistication of cyber-attacks launched against infrastructure and nations.

Malware will continue to be a significant threat as technology races forward, and it will become more prevalent as nations grow more dependent on that technology. The U.S. and Israel showed how effective malware could be when it was used against Iran. The successors that followed, Flame, Havex, Industroyer, and Triton, known as the Sons of Stuxnet, have shown that as technology is woven into everyday operations at the local, state, and federal level, each new family will bring fresh chaos. How would the U.S. handle a substantial attack on its infrastructure from an adversary seeking to cause grave damage?

Works Cited
Constantin, Lucian. "New Havex Malware Variants Target Industrial Control System, SCADA Users." Computerworld, 24 June 2014, https://www.computerworld.com/article/2491185/new-havex-malware-variants-target-industrial-control-system--scada-users.html.

"Industroyer: An in-Depth Look at the Culprit behind Ukraine's Power Grid Blackout." ZDNet, https://www.zdnet.com/article/industroyer-an-in-depth-look-at-the-culprit-behind-ukraines-power-grid-blackout/.

Nakashima, Ellen. "Stuxnet Was Work of U.S. and Israeli Experts, Officials Say." The Washington Post, 2 June 2012, https://www.washingtonpost.com/world/national-security/stuxnet-was-work-of-us-and-israeli-experts-officials-say/2012/06/01/gJQAlnEy6U_story.html.

Nast, Condé. "Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers." Wired, 28 May 2012, https://www.wired.com/2012/05/flame/.

"Obama Order Sped Up Wave of Cyberattacks Against Iran." The New York Times, 1 June 2012, https://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html.

Pichel. "HAVEX Targets Industrial Control Systems - Threat Encyclopedia." Trend Micro Security, 14 July 2014, https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/139/havex-targets-industrial-control-systems.

Roccia, Thomas. "Triton Malware Spearheads Latest Attacks on Industrial Systems." McAfee Blogs, 8 Nov. 2018, https://www.mcafee.com/blogs/other-blogs/mcafee-labs/triton-malware-spearheads-latest-generation-of-attacks-on-industrial-systems/.

Stouffer, Clare. "115 Cybersecurity Statistics and Trends You Need to Know in 2021." Norton, https://us.norton.com/internetsecurity-emerging-threats-cyberthreat-trends-cybersecurity-threat-review.html. Accessed 11 May 2021.

"Treasury Sanctions Russian Government Research Institution Connected to the Triton Malware." U.S. Department of the Treasury, https://home.treasury.gov/news/press-releases/sm1162. Accessed 4 Nov. 2021.

"What Is Stuxnet? | McAfee." McAfee Enterprise, https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/what-is-stuxnet.html. Accessed 11 Apr. 2021.