Stuxnet: The most serious threat yet?
The Stuxnet worm has been causing alarm bells to ring in the security industry but what is it and how serious a threat does it pose?
An alarming characteristic of Stuxnet is its ability to inject its own code into what are known as programmable logic controllers (PLCs).
"These PLCs are used to control various items in industrial projectors, such as controlling a motor speed, or it could change the power going to an industrial outlet, or raise or lower the pressure of gas, for example," Symantec security expert Patrick Fitzgerald told IT PRO.
"Depending on the installation infected with this, the consequences have the potential to be very serious."
Indeed, the implications of this are seriously concerning. What if hackers are able to gain control of a government system or a nuclear power plant?
As yet, it is unclear what the attackers are planning to do with Stuxnet, Fitzgerald said. So it could be a case of wait and see.
Another concern is that even though the serious Stuxnet exploits have been countered by security efforts, the damage may have already been done.
"It seems to be under control now given its weak command and control mechanism, but it is possible that it achieved its purpose already," Wolfgang Kandek, chief technology officer at Qualys, told IT PRO.
The most sophisticated malware ever
The general consensus is that Stuxnet is the most sophisticated piece of malware that has ever been created.
"Stuxnet is an impressive example of the competence of the malware authors," Kandek said.
"The latest variant contained four zero-day vulnerabilities and we believe that this is an indication of the level of focus that the attackers put into the malware."
Liam O Murchu, manager of operations with Symantec's security response team, said in a blog that a threat using four zero-day vulnerabilities is "extraordinary" and shows incredible thought and planning on behalf of the Stuxnet creators.
"It is the first threat we have encountered that contains this many surprises in a single package. Before we detected this new vulnerability, it would have been worth a fortune to hackers," noted Alexander Gostev, chief security expert at Kaspersky Lab.
"It has to be said, the malware writers have demonstrated quite remarkable programming skills."
In perhaps another industry first, Stuxnet has managed to gain widespread admiration and at the same time inspire pervasive concern.
Stuxnet may also be a state-sponsored effort, something that has been suggested by security professionals themselves.
In an analysis of the countries Stuxnet had been attacking back in July, Microsoft found the most targeted country was Iran, with Indonesia in second. The number of infection attempts in those countries was far ahead of other nations, raising questions as to why Stuxnet was being directed at them more than others.
The feeling among a number of researchers IT PRO has spoken to is that, given the skill and time it would have taken to create Stuxnet, it would also have needed significant financial backing.
With these facts in mind it is possible, perhaps even likely, that Stuxnet is a state-sponsored worm, as some researchers have said.
Of course, there is no clear evidence of political motivation at the current time.