Cyberwar with Stuxnet – This time it’s personal

This is a guest blog by Maarten Oosterink. Maarten is a managing consultant within Capgemini working on IT security.
The IT security industry is buzzing about cyberwar. And for good reason, because it’s real and it’s happening. The most widely known example is the attack on Estonia in 2007. But the most sophisticated publicly known attack is Stuxnet. Stuxnet is a virus that surfaced in June of this year but had been around for a year before that. Stuxnet exploits multiple vulnerabilities, of which at least one was unknown before. It used a digital certificate stolen from Realtek to install itself. The virus spreads only via USB sticks. If you add all these facts up, this piece of malware is clearly the work of professionals – who find 0-day vulnerabilities, steal certificates from reputable vendors and are bold enough to leave physical traces when releasing their malware. They are not interested in someone’s home PC.
So what makes Stuxnet a weapon in cyberwar? Apart from the facts stated above, the actual payload is sophisticated. Malware experts have not yet been able to get to the bottom of it. But what is known (and confirmed by US government officials dealing with cyberwar) is that this virus was created to target a specific process control system somewhere in the world. The attacker must have had inside knowledge about the target system and how it is programmed. The payload only becomes active if a particular piece of code is found on the infected system; on the thousands of other infected systems, nothing happens.
It is not known yet what the effect will be and maybe we’ll never know. If this attack is effective, the victim may go to some lengths to hide the results.
What does this mean? It shows the enormous value of 0-day vulnerabilities, and that the IT industry needs to take vulnerabilities as seriously as the hackers do.
