A Stuxnet Comeback?

Published: 22/11/2024   Category: security




DHS officials warn of potential for son-of-Stuxnet aimed at U.S. critical infrastructure, but security experts say it won't be quite the same



It's been more than a year since Stuxnet was first discovered wriggling its way through Windows machines around the world, and U.S. officials now worry that copycat attacks based on the worm's complex model ultimately could emerge that go after more process control equipment than the Siemens equipment it targeted.
Sean McGurk, director of the DHS National Cybersecurity and Communications Integration Center, said in his testimony to the House Subcommittee on Oversight and Investigations yesterday that attackers could create variants of Stuxnet that go after more PLCs. "Looking ahead, the Department is concerned that attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems," he said in the House hearing on "Cybersecurity: An Overview of Risks to Critical Infrastructure." Copies of the Stuxnet code, in various different iterations, have been publicly available for some time now.
But security experts have mostly been skeptical of the possibility of a son-of-Stuxnet emerging. The malware is a highly sophisticated, layered attack that spread via USB drives and fileshares, exploiting flaws in Windows, including a print spooler bug and two others that escalate user privileges, to first infect a Windows machine running Siemens software to manage control systems. It then looks for a Siemens S7 PLC, which it attacks, changing its programming by injecting code into it.
It was a highly coordinated attack that required various types and levels of skill, including someone with know-how of PLCs, and another with know-how of USB drive infections -- and that is a rare combination. As the first known malware attack to target power plant and factory floor systems, it has been a wake-up call for the potential damage that could be inflicted on a power plant and the potential consequences to the physical world.
Tom Parker, director of security consulting services at Securicon, says Stuxnet could conceivably be retooled to hit other industrial control-type facilities, but that would be a nontrivial undertaking.
"You can download schematics within patent filings for nuclear centrifuges, too, but that doesn't mean everyone is going to go build themselves one. The PLC-specific portions of Stuxnet required a significant control-systems engineering talent to create, and similar levels of skills would be required to re-engineer it against other installations," Parker says.
ICS-CERT, meanwhile, has been analyzing and alerting government and industry about Stuxnet's makeup over the past year. "ICS-CERT's purpose in conducting the Stuxnet analysis was to ensure that DHS understood the extent of the risks so that they could be mitigated. After conducting in-depth malware analysis and developing mitigation steps, we were able to release actionable information that benefited our private sector partners," DHS's McGurk said in his testimony.
DHS will continue to watch out for and analyze and mitigate any variants of Stuxnet that may emerge, he said.