Stuxnet: UK And US Nuclear Plants At Risk As Malware Spreads Outside Russia

 

 

 

 

” Security experts have warned the notorious Stuxnet malware has likely infected numerous power plants outside of Russia and Iran.

Experts from FireEye and F-Secure told V3 the nature of Stuxnet means it is likely many power plants have fallen victim to the malware, when asked about comments made by security expert Eugene Kaspersky claiming at least one Russian nuclear plant has already been infected.

“[The member of staff told us] their nuclear plant network, which was disconnected from the internet […] was badly infected by Stuxnet,” Kaspersky said during a speech at Press Club 2013.

Stuxnet is sabotage-focused malware that was originally caught targeting Windows systems in Iranian nuclear facilities in 2010. The malware is believed to originally have been designed to target only the Iranian nuclear industry, but subsequently managed to spread itself in unforeseen ways.

F-Secure security analyst Sean Sullivan told V3 Stuxnet’s unpredictable nature means it has likely spread to other facilities outside of the plant mentioned by Kaspersky.

It didn’t spread via the internet. It spread outside of its target due to a bug and so it started traveling via USB. Given the community targeted, I would not be surprised if other countries had nuclear plants with infected PCs,” he said.”

 

 

Here is a very thorough and detailed article for those readers interested in learning more about the history of Stuxnet .

 

Illlustration "How Stuxnet Worked"

 

 

” Computer cables snake across the floor. Cryptic flowcharts are scrawled across various whiteboards adorning the walls. A life-size Batman doll stands in the hall. This office might seem no different than any other geeky workplace, but in fact it’s the front line of a war—a cyberwar, where most battles play out not in remote jungles or deserts but in suburban office parks like this one. As a senior researcher for Kaspersky Lab, a leading computer security firm based in Moscow, Roel Schouwenberg spends his days (and many nights) here at the lab’s U.S. headquarters in Woburn, Mass., battling the most insidious digital weapons ever, capable of crippling water supplies, power plants, banks, and the very infrastructure that once seemed invulnerable to attack.

Recognition of such threats exploded in June 2010 with the discovery of Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. Although a computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network.

This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant. (Iran has not confirmed reports that Stuxnet destroyed some of its centrifuges.)”

 

 

Further reading :

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

Confirmed: US and Israel created Stuxnet, lost control of it

The History of Stuxnet: Key Takeaways

Stuxnet: Anatomy of a Computer Virus on Vimeo