1/28/2020 2:08 PM | |
Joined: 9/27/2006 Last visit: 10/28/2024 Posts: 12292 Rating: (2690) |
Hello James; One point is very important in all this exchange: Stuxnet is not and never was a PLC virus. With the combined resources of U.S. and Israeli military hackers (presumed) Stuxnet could have been developped to affect a PLC's memory and process control, but since the PLCs and computers were not networked (to protect them from foreign infestation) it was decided that the attack on Iranian uranium enrichment plants would be spread through USB keys, directed at the WinCC components of the application, and the Windows operating system that supported it. https://en.m.wikipedia.org/wiki/Stuxnet That explains why Siemens cybersecurity recommendations require protection on networks that allow data exchanges with the CPUs, and good antivirus management for the PCs used to program and monitor them. Hope this helps, |
This contribution was helpful to3 thankful Users |
1/29/2020 7:23 AM | |
Joined: 9/9/2014 Last visit: 7/11/2024 Posts: 246 Rating: (40) |
Hello ALL, I completely agree with ChristophD Ahhh - are we still talking about this? I’ll tell a story about how we got rid of the Stuxnet virus (restless worm) in production: I worked in glass production and at the time this virus appeared - I was surprised - our system was also infected by it. We had workstations and servers with PCS 7 and PLCs 400 series. The most interesting thing is that nothing happened - the worm lived quietly at workstations and did no harm to us - he was a friendly neighbor. When this guy made a fuss, antivirus companies stirred - and in Russia - Kaspersky released a utility for catching this worm on working computers (ARMs). We launched the cleaning utility - and found this worm on all of our computers located in the industrial network - it was an isolated network, it was inaccessible from outside, it couldn’t be accessed, and so on. The utility did its job, the worm was successfully removed, but where did it come from? We were surprised, but he came to us through flash cards, and it was very tricky. On one of the computers inside the industrial network there was access to a data card on a flash card — this was done for reports — there was an antivirus on the computer. On the computer where the reports were later transferred, there was also an antivirus. The flash card itself did not go anywhere from production, that is, always at work. And the infection was precisely through a computer that was on another network - which had access to the Internet ... What does the worm itself do - scan the network and all media, spread itself to everything that was possible (then the IT service cleaned all working computers from it that were not related to the industrial network where the PLCs were) And distributed, in parts - that is, first checked on the network of the computer where the USB flash drive was installed - whether there is a PLC in the network - or its PLC data exchange protocol (S7-protocol). If so, then the rest of the worm’s body was transferred for attack. And there wasn’t an attack, because the worm needed to be in another country. He copied himself to the computer and was waiting in the wings, but did not have time))) ***************************** Therefore, so that there would be no such nonsense - make a normal defense, trying to predict all possible options |
Last edited by: Unreality at: 01/29/2020 10:50:37Best Regards |
|
This contribution was helpful to3 thankful Users |
Follow us on