The recent Stuxnet worm attack is raising concerns about the intent, purpose, origins and, most importantly, the identity of the attacker and target. It is also thought to herald an era of cyber-weapons, cyber-wars and cyber-terrorism.
So says Eugene Kaspersky, CEO and co-founder of Russian Internet security giant, Kaspersky Lab.
Discovered in June, the Stuxnet worm has been described by security guru Bruce Schneier as a “groundbreaking piece of malware, so devious in its use of unpatched vulnerabilities, so sophisticated in its multi-pronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals”.
The security company says it has not seen enough evidence to identify the attackers or the intended target. However, it confirmed this is a one-of-a-kind sophisticated malware attack backed by a well-funded, highly-skilled attack team, with intimate knowledge of supervisory control and data acquisition (SCADA) technology. “This type of attack could only be conducted with nation-state support and backing.”
Kaspersky likens Stuxnet to the opening of “Pandora's Box”. According to him, this particular malware was not designed to steal money or personal data, or to send spam, but rather to sabotage plants and damage industrial systems.
“I am afraid this is the beginning of a new world. The '90s was a decade of cyber-vandals, 2000s was a decade of cyber-criminals, now it is a new era of cyber-wars and cyber-terrorism,” he says.
The company's researchers found the worm exploited four separate zero-day vulnerabilities. Three of these were reported directly to Microsoft, and Kaspersky Lab worked with the vendor during the creation and release of the respective fixes. Over and above the four vulnerabilities, Stuxnet also used two valid certificates (from Realtek and JMicron) which helped it remain undetected for quite a long time.
Kaspersky says that, ultimately, the worm aimed to access Simatic WinCC SCADA software, which is used in industrial control systems to monitor and control industrial, infrastructure, or facility-based processes. Similar systems are widely used in oil pipelines, power plants, large communication systems, airports, ships, and even military installations.
“The inside knowledge of SCADA technology, the sophistication of the multi-layered attack, the use of multiple zero-day vulnerabilities and legitimate certificates” led Kaspersky Lab to believe the worm was created by a team of highly-skilled professionals, with access to vast resources, both financial and otherwise.
Moreover, the fact that the attack was targeted primarily at Iran led to the understanding that this was not a group of regular cyber-criminals.
“Our security experts who analysed the worm code insist that Stuxnet's primary goal was not to spy on infected systems, but to conduct sabotage. The development of Stuxnet was most likely backed by a nation state, which had strong intelligence data at its disposal,” explains Kaspersky.
Kaspersky concludes that Stuxnet is a working and fearsome prototype of a cyber-weapon, one that will lead to a new arms race in the world: a cyber-arms race.