The headlines seemed all too familiar – “New malware attack”. How many times have we seen this before? Digital security threats have become commonplace in our interconnected and IT-dependent world. Something was different with this news, however.
The attack occurred at an Iranian nuclear facility. Okay so now I am hooked. What was going on? What is the so-called Stuxnet virus? Where did it come from, who was behind it, how did it work, when will it show up on other systems, and what can be done to defend against this form of attack in the future?
This was no ordinary attack. As researchers later discovered, the attack utilised four different Zero Day exploits on Windows platforms. In addition to the Zero Day attacks, the payload included a stolen digital certificate that was issued by Verisign. The virus was self-propagating and spread to numerous machines, and was to locate and operate a valve or control module that was a critical part of the nuclear facility’s infrastructure, with the intent of disabling or damaging the facility. In other words: to act as a weapon.
The Stuxnet malware is estimated to have taken ten man-years to develop, and has an extremely sophisticated code base. The tools used, the timestamps on the binaries and the number of modules all suggest multiple development teams working in tandem. The origin of the malware is unverified but the security community has concluded that it was probably developed by a nation state or states attempting to disrupt the Iranian nuclear program.
It is a well-established fact that many weapons developed by nation states for military use eventually become available to other non nation-state entities, like terrorists and criminal organisations. Examples include night-vision goggles, GPS systems, airborne drones, fully automatic rifles, Kevlar body armor, and shoulder-launched missiles. These are just a few of the technologies developed for national militaries that are now routinely employed by criminal gangs, terrorists, and rogue nation states.
The pertinent question is: when will the Weaponised Malware and its derivatives be used by these entities to destroy, disable or steal valuable assets and information from other nations, utilities, banks, or telecommunication companies? The answer is that we do not know when but we are sure that it will happen. How can threatened organisations assess and address this new security risk?
Page: 1 2
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…