Cyberwar with Stuxnet – This time it’s personal

This is a guest blog by Maarten Oosterink. Maarten is a managing consultant within Capgemini working on IT security.
The IT security industry is buzzing about cyberwar. And for good reason, because it’s real and it’s happening. The most widely known example is the attack on Estonia in 2007. But the most sophisticated publicly known attack is Stuxnet. Stuxnet is a virus that surfaced in June of this year and had been around for a year before that. Stuxnet exploits multiple vulnerabilities, of which at least one was unknown before. It used a digital certificate stolen from Realtek to install itself. The virus spreads only via USB sticks. If you add all these facts up, this piece of malware is clearly the work of professionals – who find 0-day vulnerabilities, steal certificates from reputable vendors and are bold enough to leave physical traces when releasing their malware. They are not interested in someone’s home PC.
So what makes Stuxnet a weapon in cyberwar? Apart from the facts stated above, the actual payload is sophisticated. Malware experts have not been able to get to the bottom of it. But what is known (and confirmed by US government officials dealing with cyberwar) is that this virus was created to target a specific process control system somewhere in the world. The attacker must have had inside knowledge about the target system and how it is programmed. Only if a particular piece of code is found, does the payload become active. For the thousands of other infected systems, nothing happens.
It is not known yet what the effect will be and maybe we’ll never know. If this attack is effective, the victim may go to some lengths to hide the results.
What does this mean? It shows the enormous value of 0-day vulnerabilities. And, that the IT industry needs to take vulnerabilities as seriously as the hackers do.
