Stuxnet: UK and US nuclear plants at risk as malware spreads outside Russia

cruelsister

Apr 13, 2013
(Please especially note the last paragraph of the article. This is beyond belief. For those living downwind of a reactor, I would suggest relocation).

Security experts have warned the notorious Stuxnet malware has likely infected numerous power plants outside of Russia and Iran.

Experts from FireEye and F-Secure told V3 the nature of Stuxnet means it is likely many power plants have fallen victim to the malware, when asked about comments made by security expert Eugene Kaspersky claiming at least one Russian nuclear plant has already been infected.

"The member of staff told us their nuclear plant network, which was disconnected from the internet was badly infected by Stuxnet," Kaspersky said during a speech at Press Club 2013.

Stuxnet is sabotage-focused malware that was originally caught targeting Windows systems in Iranian nuclear facilities in 2010. The malware is believed to originally have been designed to target only the Iranian nuclear industry, but subsequently managed to spread itself in unforeseen ways.

F-Secure security analyst Sean Sullivan told V3 Stuxnet's unpredictable nature means it has likely spread to other facilities outside of the plant mentioned by Kaspersky.

"It didn't spread via the internet. It spread outside of its target due to a bug and so it started traveling via USB. Given the community targeted, I would not be surprised if other countries had nuclear plants with infected PCs," he said.

Director of security strategy at FireEye, Jason Steer, mirrored Sullivan's sentiment, adding the insecure nature of most critical infrastructure systems would make them an ideal breeding ground for Stuxnet.

"Stuxnet has mostly spread by USB and CD-ROM using removable drive vulnerabilities in Windows to date and continues to spread using remote calls to talk to and infect other computers on the network," Steer told V3.

"Many of these control systems are not connected to the internet, because they are so old and delicate that they cannot withstand any serious probing and examination, and frankly are not designed to connect to the internet as they are so insecure. Getting a vulnerability to a network not connected is not so difficult anymore if it's important enough."

Steer added that the atypical way Stuxnet spreads and behaves means traditional defences are ill-equipped to stop, or even accurately track, the malware's movements.

"It's highly likely that other plants globally are infected and will continue to be infected as it's in the wild and we will see on a weekly basis businesses trying to figure out how to secure the risk of infected USB flash drives," he said.

"When a PC is infected, the malware does many clever things, including not showing all the things that are on the USB so it's impossible to know if the USB is to be trusted or not and, as we know, using AV signatures doesn't solve some of these issues either."

Critical infrastructure networks' poor security and their use of outdated Windows XP and SCADA systems - industrial control software designed to monitor and control processes in power plants and factories - have been an ongoing concern for industry and governments.

Prior to Kaspersky's claims, experts Bluecoat Systems and the Jericho forum argued at the London 2012 Cybergeddon conference that critical infrastructure providers opened themselves up to cyber attacks by prematurely moving key systems online.

The US Department of Defense (DoD) said the premature move online is doubly dangerous as Chinese hackers are skilled enough to mount Stuxnet-level cyber attacks on critical infrastructure.

The use of XP in power plants is set to become even more dangerous as Microsoft has confirmed it will officially cut support for the 12-year-old OS in less than a year. The lack of support means XP systems will no longer receive critical security updates from Microsoft.

http://www.v3.co.uk/v3-uk/news/2306...nts-at-risk-as-malware-spreads-outside-russia

Detection

Feb 25, 2011
Stuxnet sits dormant and does nothing unless it finds the specific Iranian plants' computers, though; it's not going to do anything to plants outside of Iran afaik.

That was the whole point of it: send it out in the wild and wait for it to hit the Iranian plants; if it doesn't, it does nothing. It would be pointless designing Stuxnet and sending it out in the wild if it could damage US / UK / Russian plants.

cruelsister

Apr 13, 2013
Yes and no, as far as Stuxnet itself. Remember that when the French backed out of the plant construction contract, the facility was built with blueprints (and without doubt parts) that formed the basis of Russia's reactors. So Stuxnet may well be active in Russian facilities.

But the most troubling issue raised by this story really has nothing to do with the malware itself: it is that nuclear facilities in other countries can be so easily compromised by a CD or USB drive. Add to that the fact that essential (and dangerous) services are still running on an OS that, already intrinsically insecure, will become more so in a few months.