Stuxnet: A Case Study of Cyber Warfare and Vulnerability
VerifiedAdded on 2024/07/01
|10
|1538
|176
AI Summary
Stuxnet, a sophisticated malware, was designed to target Siemens PLCs and SCADA systems, specifically aiming to disrupt industrial control systems. This assignment delves into the characteristics of Stuxnet, its impact on the Iranian nuclear program, and the vulnerabilities it exploited. It highlights the importance of patch management and the need for robust cybersecurity measures to protect critical infrastructure from cyberattacks.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
P a g e | 1
ITC596
Assignment 1
ITC596
Assignment 1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
P a g e | 2
Table of Contents
Introduction........................................................................................................................................... 3
Characteristics of the Internet and the Web.........................................................................................3
Risks of the internet and the web..........................................................................................................4
Threats of the Web and the Internet..................................................................................................... 4
Risk mitigation of the web and the internet threat...............................................................................4
Reference.............................................................................................................................................. 5
Table of Contents
Introduction........................................................................................................................................... 3
Characteristics of the Internet and the Web.........................................................................................3
Risks of the internet and the web..........................................................................................................4
Threats of the Web and the Internet..................................................................................................... 4
Risk mitigation of the web and the internet threat...............................................................................4
Reference.............................................................................................................................................. 5
P a g e | 3
The internet and the web
Introduction
Is these web or internet both are same as all are examine?
The web similarly mentioned officially as World Wide Web (www) is a gathering of info which is
retrieved via the internet and the internet is a universal network of networks. The web is service on
topmost of that organization while the internet is organization. The web can be observed as
gathering of records store while the internet can be observed as a large record on that store. The
web is software while at a high level, we can even think of the internet as hardware (He.1997).
Points that are remembered about The Web-
By clicking on hotspots, you can bounce from one record to another.
There are more than 1,275,000,000 websites.
They carry especially configured documents where it is a system of internet servers.
It uncomplicated to access the World Wide Web applications called web browser.
They hold up links to other forms where forms are formatted in a markup language.
Points that are remembered about The Internet-
Each of the Internet computers is self-governing.
In the world, there are more than 3,700,00,000 users who can access Internets
Millions of computers are global networks
There are verities of ways to access the internet
The internet is decentralized
Characteristics of the Internet and the Web
Internet
i. Its long-term impact- the use of permanent archives
ii. Its temporal indeterminacy
iii. Its global nature
iv. Its multimedia characters
v. Interactivity
vi. It's facilitation of republication
vii. Accessibility
viii. t's reliance on hypertext/hyperlinks
ix. Anonymity
x. In the offline world its potential to shift the balance of power
xi. The prominence of intermediaries (Melnikov et al.2009)
Web
i. Distributed
ii. Web 2.0
iii. Dynamic interactive, Evolving
iv. Cross Platform
The internet and the web
Introduction
Is these web or internet both are same as all are examine?
The web similarly mentioned officially as World Wide Web (www) is a gathering of info which is
retrieved via the internet and the internet is a universal network of networks. The web is service on
topmost of that organization while the internet is organization. The web can be observed as
gathering of records store while the internet can be observed as a large record on that store. The
web is software while at a high level, we can even think of the internet as hardware (He.1997).
Points that are remembered about The Web-
By clicking on hotspots, you can bounce from one record to another.
There are more than 1,275,000,000 websites.
They carry especially configured documents where it is a system of internet servers.
It uncomplicated to access the World Wide Web applications called web browser.
They hold up links to other forms where forms are formatted in a markup language.
Points that are remembered about The Internet-
Each of the Internet computers is self-governing.
In the world, there are more than 3,700,00,000 users who can access Internets
Millions of computers are global networks
There are verities of ways to access the internet
The internet is decentralized
Characteristics of the Internet and the Web
Internet
i. Its long-term impact- the use of permanent archives
ii. Its temporal indeterminacy
iii. Its global nature
iv. Its multimedia characters
v. Interactivity
vi. It's facilitation of republication
vii. Accessibility
viii. t's reliance on hypertext/hyperlinks
ix. Anonymity
x. In the offline world its potential to shift the balance of power
xi. The prominence of intermediaries (Melnikov et al.2009)
Web
i. Distributed
ii. Web 2.0
iii. Dynamic interactive, Evolving
iv. Cross Platform
P a g e | 4
v. Web browser: provides a single interface to many services (Crovella.2009)
vi. Open Source and Open Standards
Risks of the internet and the web
1) Confidentiality problem in the IoT landscape
2) IoT complication expands imitation hazard
3) Information capacities pose a risk to cybersecurity
4) Cybersecurity interrupting on community protection (Thompson.2006)
Threats of the Web and the Internet
1) Email Spoofing
2) Image Spam
3) Chat clients
4) Phishing
5) Overseas Money Transfer Scam
6) Email-Borne Viruses (Bertino et al.2009)
Risk mitigation of the web and the internet threat
1. Security Misconfiguration- When executed through the recognized defaulting situations,
misconfigurations of the application server of the database stage fundamental the
application can be subjugated as well as the database.
2. Unvalidated Redirects and Forwards- This permits attracter to forward the employer to a
location they did not propose to go to and possibly request for private data by trapping the
employer into thinking they are at a trusted site, familiar and valid.
3. CSRF (Cross-Site Request Forgery)- Through somebody else authorizations where the
employer’s browser is deceived into logging into a site.
4. Failure of the restrict URL access- Applications that do not have admittance controller
orders every time a sheet is retrieved may agree on attractors to furnace URLs to access
sheets that are supposed to be secreted (Lepofsky.2014)
v. Web browser: provides a single interface to many services (Crovella.2009)
vi. Open Source and Open Standards
Risks of the internet and the web
1) Confidentiality problem in the IoT landscape
2) IoT complication expands imitation hazard
3) Information capacities pose a risk to cybersecurity
4) Cybersecurity interrupting on community protection (Thompson.2006)
Threats of the Web and the Internet
1) Email Spoofing
2) Image Spam
3) Chat clients
4) Phishing
5) Overseas Money Transfer Scam
6) Email-Borne Viruses (Bertino et al.2009)
Risk mitigation of the web and the internet threat
1. Security Misconfiguration- When executed through the recognized defaulting situations,
misconfigurations of the application server of the database stage fundamental the
application can be subjugated as well as the database.
2. Unvalidated Redirects and Forwards- This permits attracter to forward the employer to a
location they did not propose to go to and possibly request for private data by trapping the
employer into thinking they are at a trusted site, familiar and valid.
3. CSRF (Cross-Site Request Forgery)- Through somebody else authorizations where the
employer’s browser is deceived into logging into a site.
4. Failure of the restrict URL access- Applications that do not have admittance controller
orders every time a sheet is retrieved may agree on attractors to furnace URLs to access
sheets that are supposed to be secreted (Lepofsky.2014)
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
P a g e | 5
Reference
He, J. (1997). INTRODUCTION OF THE INTERNET AND WORLD WIDE WEB. Experimental
Techniques, 21(5), 29-33. doi: 10.1111/j.1747-1567. 1997.tb00556.x
Melnikov, V., Melikyan, G., & Maksimov, O. (2009). Characteristics of information retrieval systems
on the internet: Theoretical and practical aspects. Automatic Documentation and Mathematical
Linguistics, 43(1), 42-50. doi: 10.3103/s0005105509010063
Crovella, M. (2000). Performance Characteristics of the World Wide Web. Performance Evaluation:
Origins and Directions, 219-232. doi: 10.1007/3-540-46506-5_9
Thompson, H. (2006). The subtle security risks of web services. Datenschutz Und Datensicherheit -
Dud, 30(10), 604-606. doi: 10.1007/s11623-006-0157-7
Bertino, E., Martino, L., Paci, F., & Squicciarini, A. (2009). Web Services Threats, Vulnerabilities, and
Countermeasures. Security for Web Services and Service-Oriented Architectures, 25-44. doi:
10.1007/978-3-540-87742-4_3
Lepofsky, R. (2014). Understanding IT Security Risks. The Manager’s Guide to Web Application
Security: 1-11. doi: 10.1007/978-1-4842-0148-0_1
Reference
He, J. (1997). INTRODUCTION OF THE INTERNET AND WORLD WIDE WEB. Experimental
Techniques, 21(5), 29-33. doi: 10.1111/j.1747-1567. 1997.tb00556.x
Melnikov, V., Melikyan, G., & Maksimov, O. (2009). Characteristics of information retrieval systems
on the internet: Theoretical and practical aspects. Automatic Documentation and Mathematical
Linguistics, 43(1), 42-50. doi: 10.3103/s0005105509010063
Crovella, M. (2000). Performance Characteristics of the World Wide Web. Performance Evaluation:
Origins and Directions, 219-232. doi: 10.1007/3-540-46506-5_9
Thompson, H. (2006). The subtle security risks of web services. Datenschutz Und Datensicherheit -
Dud, 30(10), 604-606. doi: 10.1007/s11623-006-0157-7
Bertino, E., Martino, L., Paci, F., & Squicciarini, A. (2009). Web Services Threats, Vulnerabilities, and
Countermeasures. Security for Web Services and Service-Oriented Architectures, 25-44. doi:
10.1007/978-3-540-87742-4_3
Lepofsky, R. (2014). Understanding IT Security Risks. The Manager’s Guide to Web Application
Security: 1-11. doi: 10.1007/978-1-4842-0148-0_1
P a g e | 6
ITC-591
ASSIGNMENT 1
Table of Contents
ITC-591
ASSIGNMENT 1
Table of Contents
P a g e | 7
Introduction........................................................................................................................................... 3
At what time Stuxnet occur?................................................................................................................. 3
Vulnerability is commonly approved by threat.....................................................................................3
Reference.............................................................................................................................................. 5
Stuxnet
Introduction........................................................................................................................................... 3
At what time Stuxnet occur?................................................................................................................. 3
Vulnerability is commonly approved by threat.....................................................................................3
Reference.............................................................................................................................................. 5
Stuxnet
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
P a g e | 8
Introduction
Making it a worm, Stuxnet was malware that was allowed to spread unaccomplished by a hostess
file. It was especially outlined to the boundary with the procedure of Siemens PLCs and SCADA
(supervisory control and data acquisition) systems that achieve them.
Siemen’s STEP 7 software used to control PLCs, Stuxnet spread from machine to machine.
Broadcasting standard procedure positions back on STEP 7 so that it looks as if all is usual and
interrupting the information the PLC produces by means of the wrong data when it traces a
mechanism with STEP 7 installed on it, Stuxnet starts to feed incorrect data.
It was exactness manufactured to an individual do harm to Siemens industrial control systems and
Stuxnet is extremely erudite it used 4 parts of zero-day outbreaks (including CVE-2010-2568) to
infiltered schemes. It consists of three parts-
1. All the files from detection are hides from rootkit
2. The worm that prepares the majority of the effort
3. Proliferated worm duplicates of a connection folder that systematizes implementation
By way of initial 2007, investigators from Symantec take initiate suggestion that Stuxnet was
established in contradiction of Iran’s nuclear program but it was used to outbreak a nuclear facility in
Iran the backdating of its birth was made well after Stuxnet’s 2010 discovery. By causing them to
spin distant quicker than intended the attack demolished 1,000 separators (Kim.2015).
At what time Stuxnet occur?
It essentially has a supplementary motivating timeline that drives back numerous years previously
but Stuxnet was exposed in 2010. Banquet of Stuxnet was critical in the expansion and numerous
fragments of precursor malware, Conficker and Duqu were instigate in unconventional.
Since its C&C servers subsequently pointing Iranian systems Stuxnet conventional some apprises
previously the C&C servers stayed ultimately blocked and discovered occupied connected.
Completed the succeeding numerous months Stuxnet infections were eliminated (Faily et al.2018).
The vulnerability is commonly approved by the threat
Demonstration of the properties of the militarization of the cyberspace and the circumstance that
I’m going to the extent you validate the reputation of patch management.
It can activity of ancient vulnerabilities to the agreement the schemes consecutively them and
Unpatched software is an informal mark for hackers. For example, the activity code used in the
tarnished Stuxnet’s cyber defenses that strike the separators at the Iranian nuclear plant at Natanz.
The first repaired by Microsoft in 2010, the error utilize by the Stuxnet worm was, but risk
performers in the untamed remain to feat it in an enormous amount of cyber-attack.
Followed as CVE-2010-2568 has remained and remotely implement encryption on not provide with a
patch of Windows processors and defect used by Stuxnet to goal Windows machines.
The Windows Explosive subjugated was noticed fifty mountain times targeting nearly nineteen
mountain machines completely completed the biosphere, the hazardous tendency remains, in
August 2014 experts to exposed that in the time amongst November 2013 & June 2014 (Kallapur et
al.2011).
Introduction
Making it a worm, Stuxnet was malware that was allowed to spread unaccomplished by a hostess
file. It was especially outlined to the boundary with the procedure of Siemens PLCs and SCADA
(supervisory control and data acquisition) systems that achieve them.
Siemen’s STEP 7 software used to control PLCs, Stuxnet spread from machine to machine.
Broadcasting standard procedure positions back on STEP 7 so that it looks as if all is usual and
interrupting the information the PLC produces by means of the wrong data when it traces a
mechanism with STEP 7 installed on it, Stuxnet starts to feed incorrect data.
It was exactness manufactured to an individual do harm to Siemens industrial control systems and
Stuxnet is extremely erudite it used 4 parts of zero-day outbreaks (including CVE-2010-2568) to
infiltered schemes. It consists of three parts-
1. All the files from detection are hides from rootkit
2. The worm that prepares the majority of the effort
3. Proliferated worm duplicates of a connection folder that systematizes implementation
By way of initial 2007, investigators from Symantec take initiate suggestion that Stuxnet was
established in contradiction of Iran’s nuclear program but it was used to outbreak a nuclear facility in
Iran the backdating of its birth was made well after Stuxnet’s 2010 discovery. By causing them to
spin distant quicker than intended the attack demolished 1,000 separators (Kim.2015).
At what time Stuxnet occur?
It essentially has a supplementary motivating timeline that drives back numerous years previously
but Stuxnet was exposed in 2010. Banquet of Stuxnet was critical in the expansion and numerous
fragments of precursor malware, Conficker and Duqu were instigate in unconventional.
Since its C&C servers subsequently pointing Iranian systems Stuxnet conventional some apprises
previously the C&C servers stayed ultimately blocked and discovered occupied connected.
Completed the succeeding numerous months Stuxnet infections were eliminated (Faily et al.2018).
The vulnerability is commonly approved by the threat
Demonstration of the properties of the militarization of the cyberspace and the circumstance that
I’m going to the extent you validate the reputation of patch management.
It can activity of ancient vulnerabilities to the agreement the schemes consecutively them and
Unpatched software is an informal mark for hackers. For example, the activity code used in the
tarnished Stuxnet’s cyber defenses that strike the separators at the Iranian nuclear plant at Natanz.
The first repaired by Microsoft in 2010, the error utilize by the Stuxnet worm was, but risk
performers in the untamed remain to feat it in an enormous amount of cyber-attack.
Followed as CVE-2010-2568 has remained and remotely implement encryption on not provide with a
patch of Windows processors and defect used by Stuxnet to goal Windows machines.
The Windows Explosive subjugated was noticed fifty mountain times targeting nearly nineteen
mountain machines completely completed the biosphere, the hazardous tendency remains, in
August 2014 experts to exposed that in the time amongst November 2013 & June 2014 (Kallapur et
al.2011).
P a g e | 9
Reference
Kim, B., & Lee, S. (2015). Conceptual Framework for Understanding Security Requirements: A
Preliminary Study on Stuxnet. Requirements Engineering In The Big Data Era, 135-146. doi:
10.1007/978-3-662-48634-4_10
Reference
Kim, B., & Lee, S. (2015). Conceptual Framework for Understanding Security Requirements: A
Preliminary Study on Stuxnet. Requirements Engineering In The Big Data Era, 135-146. doi:
10.1007/978-3-662-48634-4_10
P a g e | 10
Family, S. (2018). Case Study: Defending Critical Infrastructure Against Stuxnet. Designing Usable
And Secure Software With IRIS And CAIRIS, 155-175. doi: 10.1007/978-3-319-75493-2_8
Kallapur, P., & Geetha, V. (2011). Web Security: A Survey of Latest Trends in Security Attacks. Lecture
Notes In Electrical Engineering, 405-415. doi: 10.1007/978-3-642-25541-0_52
Family, S. (2018). Case Study: Defending Critical Infrastructure Against Stuxnet. Designing Usable
And Secure Software With IRIS And CAIRIS, 155-175. doi: 10.1007/978-3-319-75493-2_8
Kallapur, P., & Geetha, V. (2011). Web Security: A Survey of Latest Trends in Security Attacks. Lecture
Notes In Electrical Engineering, 405-415. doi: 10.1007/978-3-642-25541-0_52
1 out of 10
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.