Case Studies

Stuxnet Worm Attacks

Stuxnet Worm Attacks Iran, Who is Behind It?

By Chloe Albanesius and Larry Seltzer, September 27, 2010

The Stuxnet worm has already infected 30,000 IP addresses in Iran and is still mutating, according to Monday press reports. "The attack is still ongoing and new versions of this virus are spreading," Hamid Alipour, deputy head of Iran's Information Technology Company, was quoted as saying by IRNA, Iran's official news agency, AFP reported.

Stuxnet, a joint U.S.-Israel project, is known for reportedly destroying roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control. Stuxnet was created for Siemens supervisory control and data acquisition (SCADA) systems, which control water supplies, oil rigs, power plants, and other industrial facilities. Iranian authorities have denied that the country's Bushehr nuclear plant was targeted, AFP said, though Computerworld reported that while some computers at the facility were infected, none were in control of crucial control systems.

Stuxnet appears to be more than just another malware attack or another targeted attack. Many believe that it is a government-sponsored attack against Iran's nuclear facilities. Stuxnet first came to our attention as the first attack using the Microsoft Windows Shortcut ('LNK/PIF') vulnerability. German security firm Langner called it the "hack of the century." Roel Schouwenberg of Kaspersky also said it was groundbreaking.

Source:

http://www.pcmag.com/article2/0,2817,2369745,00.asp

What should be done to prevent such attacks?

1-      Isolate command and control networks from shared public networks:
To keep Stuxnet out of the network and provide a more secure and private system, we have to completely isolate command and control networks from shared public networks. For instance, many employees use their company's email to share confidential information with public email users. Command and control over shared public networks is a faster, more convenient and highly cost-efficient solution, but it can lead to major risks. Moreover, transferring data through USB can be a significant way for the internal data system to be attacked, whether the machine is private or public. (Acil)

2-      Passwords and access control:
I also recommend providing a suitable separation between corporate and ICS networks, with redundancy built into several networks to avoid single points of failure. For example, access to PLC and SCADA devices should not be available on the organization's network. Users should be controlled by authentication that is separate from the corporate network, using strong authentication techniques including employee ID cards. (Acil)
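As an added illustration of this recommendation (not part of the original post), the Python below checks constructed flow records against a three-zone segmentation policy (corporate, ICS DMZ, PLC/SCADA network) and flags corporate hosts reaching PLCs directly or ICS hosts reaching the public network. The zone address ranges, the flow-log format and the allowed-port table are assumptions; TCP 102 is the ISO-TSAP port used by Siemens S7 communication and 502 is Modbus/TCP.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed zone model (assumption): corporate LAN, an ICS DMZ for
# historians/jump hosts, and the isolated PLC/SCADA network.
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "ics_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ics": ipaddress.ip_network("10.30.0.0/24"),
}

# Flows the segmentation policy permits (assumed policy). Corporate may only
# reach the DMZ over HTTPS; only the DMZ may talk S7comm (TCP 102) to PLCs;
# PLC-to-PLC traffic is limited to S7comm and Modbus/TCP (502). Everything
# else, including any ICS host reaching the public network, is a violation.
ALLOWED = {
    ("corporate", "ics_dmz"): {443},
    ("ics_dmz", "ics"): {102},
    ("ics", "ics"): {102, 502},
}


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the model is 'public'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "public"


def parse_flow(line: str) -> Tuple[str, str, str, int]:
    """Constructed flow-log format: '<src_ip> <dst_ip> <proto>/<dport>'."""
    src, dst, svc = line.split()
    proto, port = svc.split("/")
    return src, dst, proto.lower(), int(port)


def check_flow(line: str) -> Optional[str]:
    """Return a violation message, or None if the flow is permitted."""
    src, dst, proto, dport = parse_flow(line)
    pair = (zone_of(src), zone_of(dst))
    if proto == "tcp" and dport in ALLOWED.get(pair, set()):
        return None
    return f"VIOLATION {pair[0]}->{pair[1]}: {src} -> {dst} {proto}/{dport}"


def audit(lines: List[str]) -> List[str]:
    """Run every flow record through the policy and collect the violations."""
    return [v for v in (check_flow(line) for line in lines) if v]


SAMPLE_FLOWS = [  # constructed sample records
    "10.10.4.21 10.20.0.10 tcp/443",   # corporate -> DMZ historian: allowed
    "10.20.0.10 10.30.0.7 tcp/102",    # DMZ jump host -> PLC: allowed
    "10.30.0.7 10.30.0.8 tcp/502",     # PLC -> PLC Modbus: allowed
    "10.10.4.21 10.30.0.7 tcp/102",    # corporate -> PLC directly: violation
    "10.30.0.7 203.0.113.5 tcp/443",   # PLC -> public network: violation
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print(violation)
```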

3-      Intrusion detection/prevention systems:
An intrusion detection system is a device or software application that monitors network or system activities for malicious activity. We should use intrusion detection if we want to protect the integrity of our data and systems. Placed between the firewall and the system being secured, a network-based intrusion detection system can provide an extra layer of protection to that system. (nada)

4-      Anti-virus updates:
Anti-virus is a program designed to prevent, detect and remove worms like Stuxnet.
But we have to update the anti-virus so that we can protect our devices from malicious software like worms, because if we don't update our software it will be easy to attack. These attacks were unknown at the time of the attack; if the software had known the worm, it would have been easy to protect the devices. (nada)

5-      Backup information:
Backup is the activity of copying files or databases so that they will be preserved.

We should make backup copies of the information or data every fifteen to thirty minutes and save them within a local area network to keep them separate from the Web. In the event of a possible breach or any attempt at internal penetration by unknown people who do not have access to the information or data, we should use protection devices that can unlock the encryption, or devices that protect the data, such as eye or voice recognition, in case of theft. (Sulafa)

6-      Change the domain:
The domain (.com, .org, etc.) is a substitute for the IP address of the site.

We should set up several domains in the network so that it is difficult to penetrate from one area and disable the work of the entire network. If a particular area is hacked, it is also easy to move from the hacked area to another and stop the service of the penetrated area, so we can try to recover it, find the gaps in it and fix them, then apply the fix to the rest of the domains to avoid any new penetration in the future. (Sulafa)
