Stuxnet was the first targeted malware to receive worldwide attention for causing physical damage in an industrial infrastructure that was seemingly isolated from the online world. Stuxnet was a powerful targeted cyber attack, and other malware samples belonging to the same family were soon discovered. In this talk, we will first present our analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet. We describe our contributions to the investigation, ranging from the original detection of Duqu, via finding the dropper file, to the design of a Duqu detector toolkit. We then continue with the analysis of the Flame advanced information-gathering malware. Flame is unique in the sense that it used advanced cryptographic techniques to masquerade as a legitimate proxy for the Windows Update service. We also touch upon some other examples such as Gauss, MiniDuke, and TeamSpy. Besides explaining the operation of these pieces of malware, we also examine if and how they could have been detected, and we discuss the lessons that the computer security community can learn from these incidents.
Levente Buttyán received the M.Sc. degree in Computer Science from the Budapest University of Technology and Economics (BME) in 1995, and earned the Ph.D. degree from the Swiss Federal Institute of Technology - Lausanne (EPFL) in 2002. In 2003, he joined the Department of Networked Systems and Services at BME, where he currently holds a position as an Associate Professor and leads the Laboratory of Cryptography and Systems Security (CrySyS Lab). He has done research on the design and analysis of secure protocols and privacy enhancing mechanisms for wireless networked embedded systems, and participated in various international research projects (e.g., UbiSecSens, SeVeCom, EU-MESH, WSAN4CIP).
This talk is part of the "Cyber Security Lecture Series" and is organized by the Automation Systems Group at the Institute of Computer Aided Automation, supported by the AIT Safety and Security Department.