Stuxnet spyware targets industrial facilities, via USB memory stick
Beware the USB memory stick. Infected sticks are the means by which a mystery spyware, dubbed Stuxnet, is penetrating control systems of industrial facilities and utilities around the globe, say cybersecurity experts.
(Page 3 of 3)
Third, the spyware payload – or its core program – was tailored to hunt for Siemens’ SIMATIC WinCC and PCS 7 programs and to download the history of the systems' operations. That history could include pressures, temperatures, voltages, and all manner of SCADA settings for factories or power plant operators, Byres says. Such a history could, for instance, allow the attacker to replicate the proprietary settings for production of a costly chemical. For a utility, it’s less obvious what use that would be, although it may provide a larger understanding of the settings of a power plant’s turbines, for instance.Skip to next paragraph
Subscribe Today to the Monitor
The spyware was detected by VirusBlokAda, an antivirus company based in Belarus, in mid-June. But its SCADA-specific payload was not recognized until last week. The spyware may even have been active many months earlier, judging from a January 2010 digital "time stamp" on it, says Chester Wisniewski, senior security analyst in the Vancouver office of Sophos, a global computer security firm.
An 'advanced persistent threat'?
The attack suggests that someone with deep pockets is behind it, to be sure. But it also is an example of what some cybersecurity experts call "advanced persistent threat," that is, attackers whose goals are not a big financial payoff but rather an ability to lurk for long periods on corporate or government systems in order to steal secrets – or lay the groundwork for cyberwar.
Security experts in the utility industry say only a nation state or very deep-pocketed organization staffed by professional hackers could have pulled off this triple-play malware.
"One of the best ways to attack the power grid is through a USB stick, to give it to a human being to just walk it past all the cyberdefenses and firewalls that have been set up – and then just put it straight into a vulnerable computer. It's really perfect," says one utility-industry cybersecurity expert who asked not to be named because of his sensitive position.
Microsoft was working on a software patch to address the attack at time of publication. Siemens on Thursday began offering a software tool to deal with the threat. Yet the problem of patching SCADA systems will be slow, difficult, and costly, experts say. In the past, utilities and others have resisted efforts to bolster cyberdefenses largely because of the costs involved in upgrades.
Siemens, GE, and ABB, as well as other control system vendors and users from several countries, will meet in London in October to discuss strategies for blocking the advanced threat now targeting their systems globally, the Sans Institute, a computer security group, reported.
Yet the fundamental threat remains, experts say.
"The good news as far as the power grid goes is that there's awareness, because the threat has been discovered and advisories have gone out," says the utility cyberexpert who asked for anonymity. "The bad news is that not everyone is as mature in dealing with these problems as they need to be. Right now there's a big window of exposure."
- US oil industry hit by cyberattacks: Was China involved?
- Google cyber attacks a 'wake-up' call for US, intel chief says
- Google cyber attack: the evidence against China