Stuxnet 'Industrial Virus' Hits Iran Hard

A sophisticated piece of malware that targets only Siemens SCADA (supervisory control and data acquisition) systems has infiltrated machines across the globe and has hit Iran "very hard." The Stuxnet virus has reportedly struck industrial sites throughout Iran, including its nuclear facilities.

SCADA systems are commonly used to manage oil rigs, power plants, water facilities, and other industrial plants. Stuxnet was first identified this summer, but the Windows vulnerability the malware exploits was first described in April 2009. Microsoft confirmed earlier this week that it "overlooked" the vulnerability when it was revealed last year. Two of the four vulnerabilities exploited by the worm were patched in this month's Patch Tuesday.

Separately, it was reported on Saturday that the United States knows neither the source nor the purpose of Stuxnet. For some time there has been concern that attackers might one day compromise a country's infrastructure, whether by direct intrusion or by malware, and an attack on Siemens control systems fits that mold exactly.

The exposure of Windows-based systems that are not personal computers, yet carry the same exploitable flaws, has also been raised before. These systems, which include print servers and any other device built on Windows, are often not protected by antivirus software and are not regularly patched.

Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC), said:

"One of our hardest jobs is attribution and intent. We've conducted analysis on the software itself. It's very difficult to say 'This is what it was targeted to do.' We know that it's not doing anything specifically malicious right now. It would be premature to speculate at this time. We're not looking for where it came from but trying to prevent the spread."

McGurk added that Siemens is "reaching out to their customer base" to help deal with the infection.

The sophistication of the malware has led some security experts to speculate that it was created by state-sponsored developers or a state intelligence service. The malware has also been reported in Indonesia, Pakistan, India and elsewhere, so it is not certain that Iran was the primary target. However, the sheer number of systems hit by Stuxnet in Iran is far out of line with the infection statistics everywhere else.

One Iranian official, Mahmud Liai of the Ministry of Industry and Mines, was quoted as saying that 30,000 Iranian computers had been affected. He added that Stuxnet was “part of the electronic warfare against Iran.”

According to German computer security researcher Ralph Langner, who has been analyzing Stuxnet since it was discovered in June, Stuxnet is able to recognize a specific facility's control network and then destroy it. He believes Stuxnet's primary target was the Bushehr nuclear facility in Iran. That plant was built with Russian help, but unspecified problems have delayed its operation.
Via:  Various
Tags:  Malware, virus, Iran, Siemens
acarzt 4 years ago

That's crazy... kinda scary too.

I see the potential for a nuclear meltdown if this were to get out of hand.

Inspector 4 years ago

I can see lots of trouble brewing up from this. Maybe places that depend on a computer system should create their own OS; this way they aren't as easy to target. I can see one of these days a virus will get into a system and launch a missile somewhere...

3vi1 4 years ago

>> Maybe places that depend on a computer system should create their own OS, this way they aren't as easy to target.

I would not recommend security through obscurity... that's just another path for them to re-implement bugs and holes that have long been worked out of mature operating systems.  If that actually worked, Windows would be "secure" because people don't have access to the source.  Of course, Windows' wide array of security holes has allowed hackers to get access to the source (and promptly torrent it) on occasion, so there you get all the downsides and none of the benefit from white-hats.

They need to be using some form of SELinux or BSD (like the U.S. Army and Navy do for critical systems) - something where the code has had tens of thousands of eyes on it and been proven secure. It has the same benefit as your idea too - preventing the users from accidentally bringing in a home virus and tainting the system.

Juniper and Cisco have made the same move: JunOS has always been based on the FreeBSD kernel, and Cisco's OS-NX is now using the Linux Kernel. These are enterprise routers and firewalls where security is the highest priority.

realneil 4 years ago

"Microsoft confirmed earlier this week that it 'overlooked' the vulnerability when it was revealed last year."


3vi1 4 years ago

They have a history of ignoring reports until an actual exploit exists.

Remember a while back when MS told everyone how horrible Tavis Ormandy was? They were mad at him because he released an exploit so that they couldn't ignore his report.  He included this in the text of the release:

"I would like to point out that if I had reported the MPC::HexToNum() issue without a working exploit, I would have been ignored.

Without access to extremely smart colleagues, I would likely have given up, leaving you vulnerable to attack from those who just want root on your network and do not care about disclosure policies."

So, Microsoft blasted him in words... and continues to prove him right in action.

digitaldd 4 years ago

New headline: Israeli Virus hits Iran hard.
