10th Anniversary Of The Stuxnet Virus – What Is Its Significance Today?

Wednesday 15 July marks 10 years since the discovery of Stuxnet, the malicious worm that infected 100,000 computers, was revealed.

2 Expert Comments
Greg Day, VP & CSO, EMEA
InfoSec Expert
July 17, 2020 9:03 am

Alex Hinchliffe, threat intelligence analyst, EMEA, at Unit 42, Palo Alto Networks comments:

“Many of the threats we see today do use various techniques first found in Stuxnet but never all together in a single threat or attack campaign, and not to the same level of sophistication as Stuxnet did.

“Contemporary threats, whether cybercrime or nation-state related, tend to be much simpler because, sadly, simpler still works. This is because too many target organisations – private or public sector – leave themselves open to remote attackers. By comparison, Stuxnet targeted and breached a much tougher challenge – air-gapped networks.

“Stuxnet has been largely unmatched since its discovery. Although we occasionally see destructive malware, such attacks often result in wiped or corrupted hard drives of systems that can be rebuilt fairly quickly. Likewise, we occasionally see industrial control system (ICS) aware threats but almost always where the malware interacts with the standard operating system of the host computer and not directly with the bespoke hardware or protocol of the control system, unlike Stuxnet.

“Despite recent speculation, most organisations are unlikely to face a Stuxnet type attack. But they are very likely to find their critical systems and processes to be disrupted by waves of commodity malware that are rising in volume with the growth of industrial IoT and sub-par protection of older ICS.

“There are practical steps that can be taken. Zero-days aside, patching any and all software applications, operating systems and hardware is crucial. Extending security beyond an organisation and into the supply chain is critical. This is about a shake-down of considering where you’re sharing things to, or receiving them from, and how other organisations interact with your organisation physically and digitally. And, of course, tighten up cyber hygiene, define strict security policies around network communication, enforce zero-trust network segmentation and employ end-point solutions to prevent unwanted devices, media, applications or protocols being used. Reducing the attack surface area in this way can also prove very useful in protecting systems that cannot be patched.”

Last edited 2 years ago by Greg Day
Gidi Cohen, CEO
InfoSec Expert
July 15, 2020 10:27 am

Stuxnet was the first major case in cybersecurity history of digital weaponisation. It showed the magnitude of what was possible with cyber-attacks and the damage that could be done.

While never officially confirmed, it is widely agreed that Stuxnet was politically motivated and nation-state-sponsored due to its level of sophistication. It used four zero-day exploits and hid itself with a seemingly trustworthy digital certificate to go undetected when infecting computers. Furthermore, unlike many cyber-attacks before it, the aim of Stuxnet was to cause intentional damage as opposed to taking control of a system or stealing data. And while the attack appears to have had a specific target, many other entities found themselves collateral damage of the worm.

The likelihood of attack is increasing fast as the world becomes more digitised and interconnected. It doesn’t matter if your organisation has or hasn’t experienced an attack. All should assume they are potential victims. If they don’t take appropriate action to secure their technology, they will not be able to minimise the potential damage – Stuxnet mark 2 could be right around the corner.

What should security teams do to protect themselves from nation-state threats?

There are plenty of resources at the disposal of nation-state attackers. As such, security teams need to capitalise on tools to enable them to gain full visibility over the attack surface, deploy tight network segmentation from the business to the operational technology networks and update network protocols. Security teams must choose vendors that collaborate with local government to ensure they are part of a group sharing vital intelligence and protection methods.

Last edited 2 years ago by Gidi Cohen