Stuxnet: The most serious threat yet?
The Stuxnet worm has been causing alarm bells to ring in the security industry but what is it and how serious a threat does it pose?
An alarming characteristic of Stuxnet is its ability to inject its own code in what are known as programmable logic controllers (PLCs).
"These PLCs are used to control various items in industrial projectors, such as controlling a motor speed, or it could change the power going to an industrial outlet, or raise or lower the pressure of gas, for example," Symantec security expert Patrick Fitzgerald told IT PRO.
"Depending on the installation infected with this, the consequences have the potential to be very serious."
Indeed, the implications of this are seriously concerning. What if hackers are able to gain control of a government system or a nuclear power plant?
As yet, it unsure what the attackers are planning to do with Stuxnet, Fitzgerald said. So it could be a case of wait and see.
Another concern is that even though the serious Stuxnet exploits have been countered by security efforts, the damage may have already been done.
"It seems to be under control now given its weak command and control mechanism, but it is possible that it achieved its purpose already," Wolfgang Kandek, chief technology officer at Qualys, told IT PRO.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The most sophisticated malware ever
The general consensus is that Stuxnet is the most sophisticated piece of malware that has ever been created.
"Stuxnet is an impressive example of the competence of the malware authors," Kandek said.
"The latest variant contained four zero-day vulnerabilities and we believe that this is an indication of the level of focus that the attackers put into the malware,"
Liam O Murchu, manager of operations with Symantec's security response team, said in a blog that a threat using four zero-day vulnerabilities is "extraordinary" and shows incredible thought and planning on behalf of the Stuxnet creators.
"It is the first threat we have encountered that contains this many surprises in a single package. Before we detected this new vulnerability, it would have been worth a fortune to hackers," noted Alexander Gostev, chief security expert at Kaspersky Lab.
"It has to be said, the malware writers have demonstrated quite remarkable programming skills."
In perhaps another industry first, Stuxnet has managed to gain widespread admiration and at the same time inspire pervasive concern.
Political motivations
Stuxnet may also be a state-sponsored effort something that has been suggested by security professionals themselves.
In an analysis of the countries Stuxnet had been attacking back in July, Microsoft found the most targeted country was Iran, with Indonesia in second. The number of infection attempts in those countries was far ahead of other nations, raising questions as to why Stuxnet was being directed at them more than others.
Having spoken to a number of researchers, the feeling is that given the skill and time it would have taken to create Stuxnet, it also would have needed significant financial backing.
With these facts in mind it is possible, perhaps even likely, that Stuxnet is a state-sponsored worm, as some researchers have said.
Of course, there is no clear evidence of political motivation at the current time.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.