As of September this year, 100,000 infected hosts and over 40,000 unique external IP addresses had been affected.
Stuxnet has destroyed industrial control systems in as many as 155 countries, including India.
Stuxnet, the first computer worm to affect real-world equipment, has impacted critical infrastructure such as nuclear power plants, dams, water treatment facilities and other factories.
While 60 per cent of the infections were observed in Iran, India had the third highest infection rate globally, just behind Indonesia. Nearly ten per cent of Stuxnet infections were observed in India.
Symantec observed that Stuxnet is sophisticated, well-funded, requires numerous experts in different fields, and is mostly bug-free, which is rare.
It would have taken a team of 5-10 people up to six months to write the Stuxnet code, which leverages four zero-day vulnerabilities.
Stuxnet can propagate through multiple infection vectors, such as USB drives, to infect systems that are typically not connected to the internet for security purposes. It aims to identify those hosts that have Step7, software used to program PLCs (Programmable Logic Controllers), installed.
After the threat has installed itself, dropped its files, and gathered some information about the system, it contacts the command and control server and sends some basic information about the compromised computer to the attacker via HTTP.
On seeking out industrial control systems, Stuxnet changes the code in them to allow attackers to surreptitiously take control of these systems.
From Symantec's analysis, it is evident that the authors are capable of monitoring inputs and changing outputs, which could mean this malware could lead to system shut-downs, explosions or the inability to control important attributes like pressure and temperature.
Many of today's threats are designed to steal information. Enterprises need to practice information intelligence and be able to guard against threats that get into an environment, as well as protect information from leaving the environment.
The adversaries behind this attack clearly had extensive knowledge of industrial control systems and their means of operation.
A likely prelude to an attack against an industrial control system could be the theft of key forms of intellectual property (design documents, vendor names and system configurations) from the corporate network, as a means of planning an attack against a company's critical infrastructure.