Stuxnet Central

The Stuxnet malware worm has been called an incident “that marks a new age of cyber warfare”.  Stuxnet Central provides a hub for the information that Tofino Security has created regarding Stuxnet, along with links to key industry material.

 

(Note: you must be a member of tofinosecurity.com and be logged in to have access to these documents. If you are not already a member, register here)

Stuxnet News Coverage

ISS Source, November 15, 2012

Stuxnet Hit 4 Oil Companies

 

The New York Times, June 1, 2012

Obama Order Sped Up Wave of Cyberattacks Against Iran

 

Additional news stories on the Stuxnet malware are listed for your convenience.

Stuxnet Presentations

September 21, 2011

PDF "Mission Critical Security in a Post-Stuxnet World Part 1" (3MB)

PDF "Mission Critical Security in a Post-Stuxnet World Part 2" (1MB)

 

March 21, 2011

PDF "What Does Stuxnet Mean for ICS" (588kb)

 

This presentation summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security. It is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about its implications.

Stuxnet White Papers

Feb 22, 2011

PDF How Stuxnet Spreads - A Study of Infection Paths in Best Practice Systems, version 1.0 (5MB)  

Authors: Eric Byres, CTO of Tofino Security Inc.; Andrew Ginter, CTO of Abterra Technologies; Joel Langill, CSO of SCADAhacker.com
 

This paper details how Stuxnet could infect a control system site protected by a high security architecture using modern, vendor-recommended best practices. The paper shows that current best practices are insufficient to block advanced threats. It then discusses what operators of control and SCADA systems need to do to protect their critical systems from future threats of this type.
 

ISSSource.com has a series of articles about this White Paper:

Stuxnet Report: A System Attack

Stuxnet Report II: A Worm's Life

Stuxnet Report III:  Worm Selects Site

Stuxnet Report IV: Worm Slithers In

Stuxnet Report V:  Security Culture Needs Work

 

October 14, 2010

PDF Analysis of the Siemens WinCC / PCS7 “Stuxnet” Malware for Industrial Control System Professionals, version 3.2 (83kb)    

Authors:  Eric Byres, CTO and Scott Howard, Technical Services Manager, both of Tofino Security Inc.

 

This paper summarizes the current known facts about the Stuxnet worm. It also summarizes the actions that operators of SCADA and ICS systems can take to protect their critical operations.

Tofino Security / Stuxnet Application Note

Nov 8, 2010

Using Tofino to Control the Spread of the Stuxnet Malware - Application Note - describes how to divide the control network into security zones and how to use the Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm.

 

Eagle Tofino Stuxnet Technical Bulletin - English (1MB) - describes how to use the EAGLE Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.

 

Eagle Tofino Stuxnet Technical Bulletin - German (1MB) - describes how to use the EAGLE Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.

 

Feb 8, 2011

Siemens S7 Clear Memory - Application Note (728kb) - describes how to clear the memory on the S7 controllers and remove the Stuxnet worm.

 

Stuxnet Mitigation Matrix

Oct 21, 2010

PDF Stuxnet Mitigation Matrix by Tofino Security shows mitigation measures by Windows operating system and includes dynamic links to detailed information on each of the patches and mitigations.

 

“Practical SCADA Security” blog posts on Stuxnet

 

   

July 7, 2011

Siemens Cyber Security Report Card (Part 2 of 2) (plus Presentation)

July 6, 2011

Siemens Cyber Security Report Card (Part 1 of 2) (plus Presentation)

June 30, 2011

#1 ICS and SCADA Security Myths: Protection by Air Gap  

June 20, 2011

Blaming Vendors Doesn’t Fix Today’s SCADA Security Issues

May 31, 2011

“Son-of-Stuxnet” - Coming Soon to a SCADA or PLC System Near You

May 10, 2011

PLC Security Risk: Controller Operating Systems

Mar 21, 2011

Summing up Stuxnet in 4 Easy Sections - (Plus Handy Presentation)

Mar 9, 2011

ISA99 Stuxnet Gap Assessment – Why It’s Important

Feb 22, 2011

The Many Paths of Stuxnet: How Robust are Today's Best Practice Systems?

Feb 11, 2011

Stuxnet: Staying Ahead of the Bad Guys

Jan 17, 2011

Stuxnet Guidance: The Good, the Bad and the Ugly

Jan 4, 2011

Stuxnet Lesson: Is SCADA/Control Field Device Firmware the Next Malware Target?

Dec 8, 2010

Stuxnet and DoS Attacks on SCADA News Lists means Increased Risk for Industrial Control Systems

Nov 29, 2010

Iran Confirms Stuxnet Impacts their Centrifuges / Was Iran's Stuxnet Expert Assassinated?

Nov 26, 2010

Bad News for SCADA - Stuxnet gets Scarier

Nov 8, 2010

Using Tofino Security to Control Stuxnet - New Application Note

Nov 4, 2010

Controlling Stuxnet - No More Flat Networks PLEASE.  Let's Embrace "Security Zones".

Oct 25, 2010

Stuxnet Mitigation Matrix Updated

Oct 21, 2010

Stuxnet Mitigation Matrix shows how to reduce exposure to malware worm

Oct 14, 2010

No Silver Bullet for Stuxnet / Siemens WinCC Malware

Oct 1, 2010

The Stuxnet Mystery Continues

Sept 23, 2010

The Amazing Mr. Stuxnet

Sept 17, 2010

Stuxnet - I was wrong

Aug 11, 2010

Why Stuxnet affects all Windows Systems

Aug 4, 2010

Why Another Blog? Stuxnet Shows Why

 


Stuxnet Videos

March 4, 2012

Video Stuxnet: Computer worm opens new era of warfare

Computer virus's evident success in damaging Iran's nuclear facility has officials asking if our own infrastructure is safe.

Program: 60 Minutes

Reporter:  Steve Kroft

 

June 19, 2011

Video Stuxnet: Anatomy of a Computer Virus

An infographic dissecting the nature and ramifications of Stuxnet, the first weapon made entirely out of code. This was produced for the Australian TV program HungryBeast on Australia's ABC1.

(Note: this animation is excellent at conveying the uniqueness of Stuxnet; however, it contains a few technical inaccuracies. For example, Stuxnet had 7 zero day vulnerabilities, not 20.)

Direction and Motion Graphics: Patrick Clair

Written by: Scott Mitchell

 

March 29, 2011

Video Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how.

 

 

Video Joel Langill's Stuxnet Infection Video

This video was created by

Joel Langill
CEH, CPT, CCNA
CSO, SCADAhacker.com
www.scadahacker.com

 

Key Stuxnet References

Microsoft Security Bulletins
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx
http://www.microsoft.com/technet/security/bulletin/MS10-061.mspx

 

Microsoft Security Advisory (2286198)
http://www.microsoft.com/technet/security/advisory/2286198.mspx
http://support.microsoft.com/kb/2286198
http://support.microsoft.com/kb/2347290

Microsoft Malware Protection Center
http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
http://blogs.technet.com/b/mmpc/archive/2010/07/30/stuxnet-malicious-lnks-and-then-there-was-sality.aspx

 

Siemens Automation
http://support.automation.siemens.com/WW/view/en/43876783

 

US-CERT
http://www.us-cert.gov/control_systems/pdf/ICSA-10-201-01C - USB Malware Targeting Siemens Control Software - Update C.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-10-272-01.pdf

http://www.us-cert.gov/control_systems/pdf/ICSA-10-238-01B%20-%20Stuxnet%20Mitigation.pdf

 

Symantec Security Focus

http://www.securityfocus.com/bid/31874
http://www.securityfocus.com/bid/41732
http://www.securityfocus.com/bid/43073

 

CVE References
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2568
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2729
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2772

 

Detailed discussion on the malware and how it works:

http://isis-online.org/uploads/isis-reports/documents/stuxnet_FEP_22Dec2010.pdf
http://www.fas.org/sgp/crs/natsec/R41524.pdf

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
http://www.langner.com/en/
http://www.symantec.com/connect/blogs/w32stuxnet-dossier
http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf 

http://findingsfromthefield.com/

http://www.industrialdefender.com/reg/downloads_register.php