Oko okumele ukwazi nge-Stuxnet worm
I-Stuxnet yinkomfa yecomputer ejolise kwiindidi zolawulo lwezonyango (i-ICS) eziqhelekileyo ezisetyenziselwa kwizibonelelo zenkxaso-mali (oko kukuthi izityalo zamandla, izibonelelo zonyango lwamanzi, imigca yegesi, njll).
Iimbongolo zidlalwa ukuba ziye zafunyanwa ngo-2009 okanye ngowama-2010 kodwa zifunyenwe ukuba ziye zahlasela inkqubo yenyukliya ye-Iranian kunyaka ka-2007. Ngalezo zinsuku, i-Stuxnet yafunyanwa ngokuyinhloko e-Iran, e-Indonesia nase-Indiya, ibala ngaphezu kwama-85% zonke izifo.
Ukususela ngoko, i-worm iye yachaphazela amawaka eikhompyutheni kumazwe amaninzi, ize ichithise ngokupheleleyo uomatshini kunye nokucima inxalenye enkulu ye-centrifuges ye-nyukliya ye-Iran.
I-Stuxnet yenza ntoni?
I-Stuxnet yenzelwe ukuguqula ii-Logic Controllers eziCwangcisiweyo (i-PLCs) ezisetyenziswe kuloo ndawo. Kwiimeko ze-ICS, i-PLCs automate imisebenzi yohlobo lwezoshishino ezifana nokulawula izinga lokuhamba lokugcina uxinzelelo kunye nolawulo lokushisa.
Yakhiwe ukuba isasazeke kuphela kwiikhomputha ezintathu, kodwa enye yazo iyakwazi ukusabalalisa kwabanye abathathu, yindlela yokusasazeka ngayo.
Enye yeempawu zayo ukusabalala kwiinkqubo kwintanethi yendawo engabandakanyekanga kwi-intanethi. Umzekelo, unokushukumisela kwikhompyutheni nge- USB kodwa emva koko usasaze kwezinye iimashini zangasese ngasemva kwe- router ezingasetyenziswanga ukufikelela kumaziko amaninzi, ngokubangela ukuba izixhobo ze-intranet zithintele ngokuthe ngqo.
Ekuqaleni, abaqhubi befowuni yeStuxnet babesayinwe ngamadijithi njengoko bebiwe kwizatifikethi ezisemthethweni ezisebenzisayo kwiiJMicron ne-Realtek zixhobo, eziye zavumela ukuba zifake kalula ngokuzenzekelayo ngaphandle kokukhangela umsebenzisi. Ukususela ngelo xesha, i-VeriSign ichithe izatifikethi.
Ukuba intsholongwane ehlala kwikhompyutheni engenayo i-software efanelekileyo ye-Siemens efakwe kuyo, iya kuhlala ingenamsebenzi. Lo mnye umehluko omkhulu phakathi kwale ntsholongwane kunye nabanye, ngokuba yakhelwe injongo enqabileyo kwaye "ayifuni" ukwenza nantoni na into enomnye kwamashishini.
I-Stuxnet ifikelela njani kwi-PLC?
Ngenxa yezizathu zokhuseleko, ezininzi izixhobo ze-hardware ezisetyenziselwa iinkqubo zolawulo lwezentengiselwano azixhunyiwe kwi-intanethi (kwaye kaninzi ayinakunxibelelana nanoma yimuphi unxibelelwano lwangaphakathi). Ukujongana nale nto, i-Worm ye-Stuxnet ifaka iindlela ezininzi zokusasazeka ngenjongo yokugqibela nokufikelela kwiifayile zeprojekthi ze-STEP 7 ezisetyenziselwa ukucwangcisa amacebo e-PLC.
Ngeenjongo zokuqala zokusasazeka, iithagethi zeeprogram ziqhuba iinkqubo zokusebenza ze-Windows, kwaye ngokuqhelekileyo zenza oku nge- flash drive . Nangona kunjalo, i-PLC ngokwayo ayisona inkqubo esekelwe kwiWindows kodwa kunoko ifowuni yolwimi lomnini. Ngenxa yoko i-Stuxnet idlula iikhompyutheni zeWindows ukuze ifike kwiinkqubo ezilawula ii-PLC, apho ibuyisela umvuzo wayo.
Ukuhlaziya kwakhona i-PLC, i-worm ye-Stuxnet ifuna kwaye ifuthe iifayile zeprojekthi ze-STEP 7, ezisetyenziswe ngu-Siemens SIMATIC WinCC, ulawulo lwe-supervisory kunye nokuthengwa kwedatha (SCADA) kunye nenkqubo yomsebenzisi wombane (HMI) esetyenziselwa ukucwangcisa i-PLC.
I-Stuxnet iqulethe imizila eyahlukeneyo ukuchonga uhlobo oluthile lwe-PLC. Uhlobo lokutshekisha luyimfuneko njengoko imiyalelo yomgangatho womatshini iya kuhluka kwiidivaysi ezahlukeneyo ze-PLC. Xa idilesi ekujoliswe kuyo ichongiwe kwaye isulelekile, i-Stuxnet ifumana ulawulo lokuthintela yonke idatha ephuma ngaphakathi okanye ephuma kwi-PLC, kubandakanye nokukwazi ukuthoba loo datha.
Amagama eStuxnet ahamba ngawo
Ukulandela ezinye iindlela zenkqubo yakho ye-antivirus ingachonga i-Stuxnet worm:
- I-F-Secure : iTrojan-Dropper: W32 / Stuxnet
- Kaspersky : Rootkit.Win32.Stuxnet.b okanye Rootkit.Win32.Stuxnet.a
- McAfee : Stuxnet
- Norman : W32 / Stuxnet.A
- I-Sophos : iTroj / Stuxnet-A okanye i-W32 / Stuxnet-B
- Symantec : W32.Temphid
- I-Micro Micro : WORM_STUXNET.A
I-Stuxnet inokuba nayo "izalamane" ezihamba ngamagama ami njengeDuqu or Flame .
Indlela yokususa i-Stuxnet
Ekubeni i-software ye-Siemens yonakaliswe xa ikhompyutha ifakwe yi-Stuxnet, kubalulekile ukudibanisa nabo ukuba isifo sityholwe.
Nceda usebenzise inkqubo epheleleyo ye-anti-virus okanye i-AVG, okanye i-scanner-demand scanner njenge-Malwarebytes.
Kwakhona kuyimfuneko ukugcina iWindows ihlaziywe , enokuyenza ngeWindows Update .
Jonga indlela yokujonga kakuhle ikhompyutha yakho kwi-Malware ukuba ufuna uncedo.