Using a USB to deliver the worm, Stuxnet contained a print spooler bug, two elevation of privilege (EoP) bugs, and a bug that exposed the same vulnerability as the familiar Conflicker worm (attacking the computer's usernames and passwords). In conjunction with all of these bugs, "the attack code seemed legitimate because the people behind Stuxnet had stolen at least two signed digital certificates." It is also believed that the code was so specific that the programmers would have needed the same hardware as the SCADA machines that they were targeting, and they also must have had knowledge about the specifics of the operations of the factory floor. The hackers also took efforts to minimize the risk of their discovery by creating counters so that the different infected USBs could not spread to more than three machines. This also ensured that the bug only spread to the necessary target machines.
The resources and financial backing that must have been necessary to support this attack indicate that this was too large scale to be a private attack. Similarly, there was no intention of stealing information, which also implies that this was not a private attack from some sort of competitor. The attack was targeted at Iran with the intention of controlling the machinery against the real operator's control. It appears to be above simple "industrial espionage."
The cause was a security breach via USB that compromised the authority to control the SCADA program on the targeted machines. In order to recovery and respond from this attack, I would recommended getting the patch updates that the antivirus companies produced for all four of the zer0-day attacks. Furthermore, if it is feasible, I would consider some stricter security software with more authentication processes. This particular case could have been avoided also if there was also a stricter policy regarding the use of the USB drive. In the future, it is important for these companies, and all companies, to be very aware of the potential for malware attacks. Although this high-tech and very intelligent attack is difficult to detect, it is always good to consistently update antivirus software and regularly test your major computer software.
http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_?taxonomyId=17&pageNumber=1
Posts
Obviously portable USB drives are an extremely useful and important piece of technology. There are many practical uses for a portable storage device in academia, the business world, and other facets of life. Unfortunately, USB drives have also contributed to two security breaches that we have studied so far in this course. When millions of veterans' personal information was leaked out of the VA, a USB drive was in the middle of the leak. In this situation, a USB drive has been used to plant a virus that compromised the authority to control the SCADA program on targeted computers. USB drives will not be totally cut out, but I think, as PK stated, that it is important to have policies on reducing the usage of USB drives.
ReplyDeleteI agree with PK - I think it is very important that users constantly update their antivirus software and test your security. I think this is where white-hat hackers can be effective. They can, hopefully, find these weaknesses or threats before a real hacker exploits the weaknesses. However, I'm not sure white-hat hackers would've been helpful in this situation, because this virus was brand new and "groundbreaking".