Stuxnet worm is prototype for cyber-weapon, say security experts

Researchers have described Stuxnet as a one-of-a-kind, sophisticated malware attack backed by a well-funded, highly skilled team.

The malware exploited four zero-day vulnerabilities in Microsoft software, along with two valid security certificates, to target about a dozen Siemens supervisory control and data acquisition (SCADA) systems around the world.

Microsoft and Siemens have since released security patches for all vulnerabilities exploited in the attacks.

Stuxnet is believed to be the first known piece of malware to target real-world critical infrastructure such as nuclear power stations and water plants.

“The worrying thing about Stuxnet is that mischief or financial reward wasn’t its purpose”, said Paul Henry, a security analyst for security firm Lumension, who added that it is “aimed right at the heart” of critical infrastructure.

Henry, who called Stuxnet the most refined piece of malware ever discovered, says that governments across the globe need to re-think their critical infrastructure protection strategies.

“Traditional security technologies that are on the lookout for already identified malicious code will fail during such sophisticated attacks”, he warned.

The attackers had an intimate knowledge of SCADA technology, according to security firm Kaspersky Lab, which has been studying the malware.

Stuxnet proves that the defense of any critical infrastructure cannot be put in the hands of traditional security technologies, said Mark Darvill, director at security firm AEP Networks.

"The sophistication of this threat has the potential to cause widespread disruption or worse, if successful", he said.

Darvill said infrastructure providers need to scale up security in the same way the military does when delivering intelligence to dangerous combat zones.

Security thinking needs to switch from allowing everything in until it is proved to be bad, to preventing anything from coming in unless it is proved to be good, said Alan Bentley, senior vice-president international at Lumension.

Stuxnet marks a distinct move from financially motivated crime to cyber-terrorism and cyber-war, said Eugene Kaspersky, chief executive of Kaspersky Lab.

Speaking at the Kaspersky Security Symposium in Munich, Eugene Kaspersky described Stuxnet as the "opening of Pandora's box".

"Stuxnet was not designed to steal money, send spam or grab personal data. It was designed to sabotage plants and to damage industrial systems," he said.

Kaspersky Lab believes that Stuxnet is a working prototype of a cyber-weapon that could lead to a cyber-arms race.

This story was first published by Computer Weekly
