A Stuxnet Comeback?

DHS officials warn of potential for son-of-Stuxnet aimed at U.S. critical infrastructure, but security experts say it wont be quite the same

Its been more than a year since Stuxnet was
first discovered wriggling its way through Windows machines around the world
and U.S. officials now worry that copycat attacks based on the worms complex model ultimately could emerge that go after more process control equipment than the Siemens equipment it targeted.
Sean McGurk, director of the DHS National Cybersecurity and Communications Integration Center, said in his testimony to the House Subcommittee on Oversight and Investigations yesterday that attackers could create variants of Stuxnet that go after more PLCs. Looking ahead, the Department is concerned that attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems, he said in House hearing on Cybersecurity: An Overview of Risks to Critical Infrastructure.” Copies of the Stuxnet code, in various different iterations, have been publicly available for some time now.
But security experts have mostly been skeptical of the possibility of a son-of-Stuxnet emerging. The malware is a highly sophisticated, layered attack that spread via USB drives and fileshares, exploiting flaws in Windows including a print spooler bug and two others that escalate user privileges to first infect a Windows machine running Siemens software to manage control systems. It then looks for a Siemens S7 PLC, which it attacks and changes its programming by injecting code into it.
It was a highly coordinated attack that required various types and levels of skill, including someone with know-how of PLCs, and another with know-how of USB drive infections -- and that is a rare combination. As the first known malware attack to target power plant and factory floor systems, it has been a
wake-up call for the potential damage that could be inflicted on a power plant
and the potential consequences to the physical world.
Tom Parker, director of security consulting services at Securicon, says Stuxnet could conceivably be retooled to hit other industrial control-type facilities, but that would be a nontrivial undertaking, he says.
You can download schematics within patent filings for nuclear centrifuges, too, but that doesnt mean everyone is going to go build themselves one. The PLC-specific portions of Stuxnet required a significant control-systems engineering talent to create, and similar levels of skills would be required to re-engineer it against other installations, Parker says.
ICS-CERT, meanwhile, has been analyzing and alerting government and industry about Stuxnets makeup over the past year. ICS-CERT’s purpose in conducting the Stuxnet analysis was to ensure that DHS understood the extent of the risks so that they could be mitigated. After conducting in-depth malware analysis and developing mitigation steps, we were able to release actionable information that benefited our private sector partners, DHSs McGurk said in
his testimony
.
DHS will continue to watch out for and analyze and mitigate any variants of Stuxnet that may emerge, he said.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps