Stuxnet

Anyone following security news will have heard about Stuxnet. It has attracted rare accolades of a kind we haven’t seen in a very long time. For anyone just back from a desert island: this is an attack on SCADA control systems (the computer control equipment used in factories, water treatment plants and other industrial settings) that is very well written, uses state-of-the-art methods to find and infect systems, and shipped with exploits for Windows vulnerabilities no one knew existed. Sophisticated indeed. It’s hard to know whether to be impressed by the quality of the engineering or shocked at the risk, and at the fact that no one found it for so long.

Here’s a list of headlines about it:

This is without any doubt the most sophisticated targeted attack we have seen so far — Kaspersky Labs
‘The fact that Stuxnet targets four previously unidentified vulnerabilities makes the worm a real standout’.

Is Stuxnet the ‘best’ malware ever? — Computerworld
‘… so sophisticated … it may be the work of state-backed professionals’.

Attackers used 4 Windows zero-day exploits — ZDNet
‘Of the four exploits used two remained unpatched as at 14th Sept’.

Stuxnet worm written over a year ago — PC World
‘Whilst it was identified mid July this year Symantec claim to have found an early version dated from June 2009’.

Stuxnet introduces the first known rootkit for industrial control systems — Symantec
‘It’s amazing, really, the resources that went into this worm’.

Should we take careful note that the most sophisticated worm of all time, the best engineered and the most likely to have been sponsored by some nation state, was targeted against SCADA controls? These are the systems that control water, gas and oil pipelines, sewage and other industrial processes in the real world. Rebuilding Windows boxes every eighteen months because they get slow is one thing, but having someone remotely open dam gates with a virus is another matter.

How many more of these are hidden out there? Is this the start of some new cold war on the internet, where nation states compete to prove who can design the most malicious and best-hidden viruses? Do the rest of us glibly become ‘collateral damage’?

If you’re a council, local body, utility company or contractor there are three extremely tough questions that arise from this saga:

1. How could you determine what data was taken from your network?

2. How could you work out how the attackers broke in?

3. If your anti-virus is ineffective, how could you even detect viruses or malware on hosts?

Posted by Carlton Duston on 22 Sep 2010 | 0 comments
Tagged with Blog, hacking, None
