Stuxnet Worm Is Straight Out of a Cyber Espionage Thriller
Researchers from both Kaspersky and Symantec say they have never seen a piece of malware utilize that many avenues of attack. "That's really, really crazy," Liam O Murchu of Symantec told InfoWorld. (Honestly, that's not the response we want to hear from our security experts.) In addition to seriously heavy firepower, Stuxnet boasts a laser-like focus. It specifically targets so-called SCADA systems that control large-scale industrial facilities like factories, power plants, oil pipelines and even military installations. Once inside a network, often after being planted via an infected USB drive, the worm spreads quietly and passes new instructions to industrial machinery attached to the network.
The worm went largely undetected because the creators intentionally limited its spread. Each machine infected could only pass Stuxnet to three additional machines, and it would only target those that had SCADA software installed. The malware also used two stolen digitally signed certificates to avoid detection by security software. "The organization and sophistication to execute the entire package is extremely impressive," said Roel Schouwenberg, a researcher at Kaspersky.
Stuxnet is so sophisticated that both Schouwenberg and O Murchu told InfoWorld they doubt it could be the work of an elite cybercrime gang or a single hacker. "They wanted to reprogram the PLCs (programmable logic controls) and operate the machinery in a way unintended by the real operators. That points to something more than industrial espionage," O Murchu said. Schouwenberg added that "the most plausible scenario is a nation state-backed group."
Stuxnet seems to be clearly targeted at Iranian facilities, which leaves us with one major question: who is brazen enough to start a cyber-war with the notoriously unpredictable country?