Stuxnet Returns, Striking Iran with New Variant

Iran’s critical infrastructure and strategic networks were attacked with what is reportedly a more sophisticated variant of the decade-old Stuxnet attack, according to Reuters. The head of Iran’s civil defense agency, Gholamreza Jalali, told reporters that the newly discovered next generation of Stuxnet, which was trying to enter the systems, consisted of several parts.

At a live press conference on October 28, Iran’s Supreme Leader Ayatollah Ali Khamenei said, “In the face of sophisticated methods used by enemies in their onslaught, the passive defense must be totally vigilant and serious.”

Reports from The Times of Israel raise questions about the attacker’s motivation, noting that news of the attack came hours after Israel said its intelligence agency, Mossad, had thwarted an Iranian murder plot in Denmark.

While no one is pointing the finger of blame in any direction just yet, “the ‘new Stuxnet’ attack is the latest indicator of the cyber-war that many governments are actively engaged in,” said Broderick Perelli-Harris, senior director of professional services at Venafi. “The details are still patchy, but it seems that Israeli intelligence relied on an old attack blueprint here.

“In the initial Stuxnet attack, the US and Israeli governments used stolen machine identities to infect Iranian nuclear centrifuges with the virus. Now, over 22 million pieces of malware use that blueprint to attack organizations and states alike across the world – all the signs point to the same method being used again here. It’s easy for organizations and governments to ignore when it’s used against an adversarial state, but the blueprint remains ‘in the wild’ for cyber-criminals to exploit.”

Given that cyber-weapons are prone to boundless proliferation, Perelli-Harris warned that this new Stuxnet variant should serve as a reminder that governments need to think very carefully when they are creating cyber-arms so that they do not escalate the problem. Once in the wild, they are impossible to control.

As is evidenced by the new generation of Stuxnet, cyber-arms can escalate into more violent, advanced and sophisticated variants. “Considering that subsequent variations on Stuxnet, namely Flame, Duqu, Stars, Shamoon and Nitro Zeus all had different payload delivery methods from their grandparent, it’s entirely plausible that the new generation of Stuxnet does also and that it will continue to evolve,” said Lewis Henderson, vice president of product marketing at Glasswall Solutions.

“With operators of critical national infrastructure unable to progress and update their operational technology at the same pace as their IT counterparts, there are known gaps and weaknesses that simply aren’t getting plugged. We can only hope news of this new version of Stuxnet has reached the highest level of decision making – because we’ve already seen what happens when you use old technology to fight a new adversary.”
