Stuxnet and the Emerging Cyber Arms Race

Tuesday, May 17, 2011

The emergence of the Stuxnet virus two years ago was merely the first volley in what may amount to a cyber arms race, according to security consultant Eric Byres.

Byres made the comments while addressing attendees at the AusCERT 2011 conference in Australia this week.

The commonly held belief that Stuxnet was manufactured by a state actor to further geopolitical interests leads Byres to believe we will see an escalation in the production of similar designer malware.

“We have created an arms race because now countries like China are blaming the US for the Iran attack and saying we need one too. I think the next Stuxnet will be cruder but it will go after broad spectrum connections,” said Byres.

Stuxnet was first identified in 2010, and both the New York Times and a German researcher have indicated the source of the malicious code was a joint program administered by the U.S. and Israel.

Stuxnet is a highly sophisticated designer virus that wreaks havoc with SCADA systems, which provide operations control for critical infrastructure and production networks. Leading theories indicate that the malware was probably produced to stifle Iran's nuclear warhead ambitions.

The Stuxnet virus attacks are thought to have caused severe damage to Iranian uranium enrichment facilities and reportedly set back the nation's nuclear program by as much as several years.

The virus specifically targeted Siemens Programmable Logic Controllers (PLCs) used to control enrichment centrifuges, and the design allowed for a great deal of self-propagation.

“Once the worm got out, he had many pathways to get in. The worm started analysing things we didn’t know about like shared network drives and print spooler services. It was able to exploit those drives and infect other computers,” said Byres.

Byres believes the success of Stuxnet has made the virus a case study for the future of malware, and that we can expect more news of designer virus attacks sooner rather than later.

“The worm is acting like a training ground for cyber criminals. It’s showing them what can be done, and that’s why I believe son of Stuxnet is not far away,” Byres warned.

Iranian officials announced in late April that they believed government systems were being targeted by a new malware strain dubbed "Stars", but Iran failed to produce a sample of the malware, and the lack of evidence to support the claims of a new strain casts serious doubt on whether the threat actually existed at all.

The announcement came one week after Iranian officials suggested that the German-based Siemens corporation was responsible for providing the intelligence necessary for the development of the Stuxnet virus, and should be held legally liable in the matter.

In the United States, a study released in mid-April titled "In the Dark: Crucial Industries Confront Cyberattacks" examined the state of information system security at companies that maintain critical infrastructure services.

The report concluded that the majority of companies do not put enough emphasis and resources behind information security efforts, and that the problem will continue to get more serious as these industries move on to adopt new technologies.

The lack of preparation for the defense of systems controlling critical infrastructure assets, combined with the likelihood of the dissemination of Stuxnet-like designer malware, is a dangerous scenario that warrants serious attention.
