On Stuxnet Adaptation
March 21, 2012 | POSTED BY ANDREW RIDINGS IN MALWARE, TERRORISM
With the recent focus on Stuxnet due to the CBS 60 Minutes special "Stuxnet: Computer worm opens new era of warfare" and the 60 Minutes Overtime segment "Stuxnet copycats: Let the hacking begin", both aired earlier this month, I was reminded of the extent to which our nation's critical infrastructure is at risk from cyber attack.
While in school, when Stuxnet was still new, I wrote a paper on the subject. So I thought I'd dust it off.
In many ways computer worms are like a biological life form. They have to constantly adapt to survive in their environment, for example by evading predators such as anti-virus, IDS and anti-spyware. They propagate their species, spreading through one or several vulnerabilities. And like their biological counterparts, worms evolve, and when something evolves, it does so in order to survive. Computer security researchers are now seeing a new stage in that evolution. In 2010 a new worm named Stuxnet emerged on the Internet. Stuxnet is the next stage of evolution for malicious code because of the many different techniques it combines. First, Stuxnet uses at least four Windows zero-day exploits, two for propagation and two for privilege escalation. This is unheard of: zero-days are hard to find and are usually closely guarded, because each one burns once it is seen in the wild. Second, Stuxnet borrows from other malware families, using rootkit techniques to hide its files and botnet-style command and control to report in and receive updates. Finally, Stuxnet is a very complex and sophisticated piece of code, which took extensive insider knowledge of the target environment, heavy testing and a lot of money to successfully infect its intended target. Stuxnet makes clear that worms are evolving from the equivalent of a common cold into a biological weapon.
At the time I wrote my paper I came in contact with several sources offering me the Stuxnet code, and as the 60 Minutes footage confirms, the code appears to be fairly easy to retrieve from hacking sites on the Internet, both by ethical hackers like myself and by the other guys who, just like me, find its complexity and potential for havoc intriguing.
So, how will the Stuxnet code, or the concept behind it, evolve? The 60 Minutes coverage notes one scenario: code targeting programmable logic controllers (PLCs) could be used to drive up pressure in a pipeline, possibly causing an explosion. Now that the concept is proven, only time will tell, and it may be a matter of not if, but when "the most significant cyber weapon ever invented", or the concept behind it, is adapted for a new attack.
Over the next few months I plan to write more about Stuxnet, as well as about the threats to SCADA environments that could be susceptible to attack. Please comment if there is a particular question or topic you would like to have explored.