Cyberwar with Stuxnet – This time it’s personal

This is a guest blog by Maarten Oosterink. Maarten is a managing consultant within Capgemini working on IT security.
The IT security industry is buzzing about cyberwar. And for good reason, because it’s real and it’s happening. The most widely known example is the attack on Estonia in 2007. But the most sophisticated publicly known attack is Stuxnet. Stuxnet is a virus that surfaced in June of this year but had been around for a year before that. Stuxnet exploits multiple vulnerabilities, of which at least one was unknown before. It used a digital certificate stolen from Realtek to install itself. The virus spreads only via USB sticks. If you add all these facts up, this piece of malware is clearly the work of professionals – people who find 0-day vulnerabilities, steal certificates from reputable vendors and are bold enough to leave physical traces when releasing their malware. They are not interested in someone’s home PC.
So what makes Stuxnet a weapon in cyberwar? Apart from the facts stated above, the actual payload is sophisticated. Malware experts have not been able to get to the bottom of it. But what is known (and confirmed by US government officials dealing with cyberwar) is that this virus was created to target a specific process control system somewhere in the world. The attacker must have had inside knowledge about the target system and how it is programmed. Only if a particular piece of code is found does the payload become active. On the thousands of other infected systems, nothing happens.
It is not known yet what the effect will be and maybe we’ll never know. If this attack is effective, the victim may go to some lengths to hide the results.
What does this mean? It shows the enormous value of 0-day vulnerabilities, and that the IT industry needs to take vulnerabilities as seriously as the hackers do.