By: Kathleen Lau On: 24 Sep 2010 For: ComputerWorld Canada Creator
The devious worm first discovered in Iran in July and built to attack the physical world that is industrial control systems is not your run-of-the-mill threat, warns a Symantec expert. The new era of cyber attacks on the smart devices that manage your life
Access to IT World Canada is restricted to registered users, however we're pleased to provide you with 3 temporary guest passes. Obtain unlimited access to all of our content by registering today. For existing registrants, please log in.
A Symantec Corp. expert thinks Stuxnet, a worm first discovered on PCs in Iran in July that has since attacked several industrial control systems, signals the start of a never-before-seen breed of cyber attack intentionally designed to inflict massive harm in the physical world.
"The intent of this threat is clearly not trying to steal information, but in some way get into industrial control systems to be in a position to potentially create destruction," said Gerry Egan, director of product management with Cupertino, Calif.-based Symantec.
With end users' lives increasingly tethered to smart devices, Egan said there has to be an awareness that these machines are beginning to, and have, come under attack.
"It is a very significant milestone on the threat landscape without a doubt," said Egan.
Stuxnet was found in Iran by researchers at Belarus-based security firm VirusBlokAda Ltd. this summer. Specifically built to target Siemens AG industrial control systems, it has since managed to affect a number of Siemens plants but did not cause production malfunction or damage.
Stuxnet is hardly run-of-the-mill, with characteristics that couldn't have come easy. Egan estimates its creation took six months and between five and 10 people with extensive knowledge of the Windows operating system and industrial control systems software and hardware.
Moreover, Stuxnet exploits four zero-day vulnerabilities. Putting that in perspective, Symantec's 2009 Threat Report listed only 12 known zero-day vulnerabilities. The makers of Stuxnet also went to the trouble to use two stolen digital certificates, and two rootkits.
"All that together means an incredible effort went into this," said Egan.
To top it all, there was a bit of social engineering effort involved. The worm took advantage of a Windows vulnerability, then unknown and since patched, and spreads between machines via USB stick. "How did these USB keys come to be inside these organizations? Well maybe they were dropped in the parking lot outside," said Egan. "We don't quite know what the mechanics were."
Although Egan refused to conjecture what the identities of the makers were, he did say "it looks like a lot of effort went into this, so it was a well-funded body, well-organized."
But Kaspersky Lab researcher Roel Schouwenberg did say Stuxnet is very likely the work of a nation state. "This sounds like something out of a movie," Schouwenberg said. "But I would argue it's plausible, suddenly plausible, that it was nation state-backed."