The headlines seemed all too familiar – “New malware attack”. How many times have we seen this before? Digital security threats have become commonplace in our interconnected and IT-dependent world. Something was different with this news, however.
The attack occurred at an Iranian nuclear facility. Okay so now I am hooked. What was going on? What is the so-called Stuxnet virus? Where did it come from, who was behind it, how did it work, when will it show up on other systems, and what can be done to defend against this form of attack in the future?
This was no ordinary attack. As researchers later discovered, the attack utilised four different Zero Day exploits on Windows platforms. In addition to the Zero Day attacks, the payload included a stolen digital certificate that was issued by Verisign. The virus was self-propagating and spread to numerous machines, and was to locate and operate a valve or control module that was a critical part of the nuclear facility’s infrastructure, with the intent of disabling or damaging the facility. In other words: to act as a weapon.
The Stuxnet malware is estimated to have taken ten man-years to develop, and has an extremely sophisticated code base. The tools used, the timestamps on the binaries and the number of modules all suggest multiple development teams working in tandem. The origin of the malware is unverified but the security community has concluded that it was probably developed by a nation state or states attempting to disrupt the Iranian nuclear program.
It is a well-established fact that many weapons developed by nation states for military use eventually become available to other non nation-state entities, like terrorists and criminal organisations. Examples include night-vision goggles, GPS systems, airborne drones, fully automatic rifles, Kevlar body armor, and shoulder-launched missiles. These are just a few of the technologies developed for national militaries that are now routinely employed by criminal gangs, terrorists, and rogue nation states.
The pertinent question is: when will the Weaponised Malware and its derivatives be used by these entities to destroy, disable or steal valuable assets and information from other nations, utilities, banks, or telecommunication companies? The answer is that we do not know when but we are sure that it will happen. How can threatened organisations assess and address this new security risk?
Page: 1 2
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…