Tuesday, 3 December 2013

Governments preparing Stuxnet 2.0 malware for nuclear strike

The Israeli and Saudi Arabian governments are working to create a new, even more destructive variant of the notorious Stuxnet malware, according to local Iranian news outlet Farsnews.
Farsnews reported that an unnamed source with links inside the Saudi Arabian secret service confirmed the news, warning the two nations plan to use it to further disrupt Iran's nuclear power program.
"Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel's Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on 24 November to increase the two sides' co-operation in intelligence and sabotage operations against Iran's nuclear program," claimed the unnamed source.
"One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet (a comprehensive US-Israeli program designed to disrupt Iran's nuclear technology) to spy on and destroy the software structure of Iran's nuclear program."
The original Stuxnet malware was uncovered targeting Iranian nuclear systems in 2010, and is believed to have been a joint project between the US and Israeli governments. The malware is considered a game changer in the security community for its ability to physically sabotage systems in power plants.
It is currently unclear if the Farsnews report is accurate, though director of security strategy at FireEye Jason Steer said it is certainly plausible.

"Given that this has already happened with Stuxnet, it is certainly more than plausible to believe that Stuxnet 2.0 is also possible. One would be naive to assume it wouldn't happen again. With the change in relationship between Iran and the US, it is highly likely that Israel and Saudi Arabia united to try and negate the threat of nuclear bombs on their front door," he said.
The original Stuxnet worm hijacked control of Siemens industrial control systems, then forced them to alter key processes to damage machinery. The malware has since managed to spread outside of Iran and has affected several other power plants, some close to Europe.
Steer told V3 that, given how successful the original Stuxnet was at spreading, the fallout of a more advanced variant could be devastating for power plants, but will be of little concern to most regular businesses.
“Stuxnet was pretty powerful at disrupting the SCADA environment it was introduced to and has since jumped and gone into the wild – where it has even appeared on the International Space Station and Russian power stations, that we are aware of. So we should expect Stuxnet 2.0 to have an impact of a similar nature,” he said.
“Most businesses don't run SCADA [supervisory control and data acquisition] systems so unless you run a refinery, oil pipeline or something similar, then they will be safe from these types of industrial-style attacks. Most businesses should be more worried about the cybercrime attacks that wash up via email and on web pages their employees surf to every day that will enable remote access capabilities to their network, like Zeus and Houdini, that are exfiltrating data out of their business.”
Security tycoon Eugene Kaspersky confirmed in November that at least one Russian nuclear plant has been very badly infected by Stuxnet. Security experts have since said it is only a matter of time before a Stuxnet infection is discovered in the UK.
Attacks on critical infrastructure areas, such as power, are a growing problem facing governments and businesses. Numerous other cyber attacks have been uncovered hitting companies involved in critical infrastructure areas, and many of these attacks are currently believed to stem from China.
