I read about this Stuxnet worm on Straits Times today. Now, Kaspersky has issue a Press Release to address this fearsome worm.
STUXNET WORM A FEARSOME PROTOTYPE OF A NEW CYBER-WEAPON
Attack aimed at sabotaging oil pipelines, power plants,
communication systems, airports and ships
September 24, 2010 [Singapore] – Kaspersky Lab today described the Stuxnet worm as a working – and fearsome – prototype of a new type of cyber-weapon.
Kaspersky Lab believes Stuxnet heralds a new age of cyber-warfare, as the attack could only be conducted with nation-state support and backing.
The malicious program is not designed to steal money, send spam or grab personal data – it is designed to sabotage oil pipelines, power plants, large communication systems, airports, ships and even military installations globally.
The recent Stuxnet worm attack has sparked global concern and speculation about the intent, purpose, origins and — most importantly – the identity of the attacker and target.
Kaspersky Lab has not seen enough evidence to identify the attackers or the intended target but we can confirm that this is a one-of-a-kind, sophisticated malware attack backed by a well-funded, highly skilled attack team with intimate knowledge of SCADA technology.
The worm’s ultimate aim was to access Simatic WinCC SCADA, used as industrial control systems that monitor and control industrial, infrastructure, or facility-based processes. Similar systems are widely used in plants and industrial facilities globally.
The inside knowledge of SCADA technology, the sophistication of the multi-layered attack, the use of multiple zero-day vulnerabilities and legitimate certificates suggests Stuxnet was created by a team of extremely skilled professionals who possess vast resources and financial support.
“I think that this is the turning point – a time when we have arrived at a really new world. In the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars,” said Eugene Kaspersky, co-founder and chief executive officer of Kaspersky Lab.
Speaking at the Kaspersky Security Symposium with international journalists in Munich, Germany, Kaspersky described Stuxnet as the opening of Pandora’s Box.
“I am afraid this is the beginning of a new world. The nineties were a decade of cyber-vandals, 2000’s were a decade of cybercriminals, I am afraid now it is a new era of cyber-wars and cyber-terrorism,” Kaspersky added.
Researchers at Kaspersky Lab independently discovered that the worm exploited four separate zero-day vulnerabilities. Kaspersky analysts reported three of these new vulnerabilities directly to Microsoft and coordinated closely with the vendor during the creation and release of software fixes.
In addition to exploiting four zero-day vulnerabilities, Stuxnet uses two valid certificates (from Realtek and JMicron) which helped keep the malware under the radar for quite a long period of time.
The target of the attack and the geography of its outbreak (primarily Iran) suggest that this was not a regular cyber-criminal group. Kaspersky’s security experts that analyzed the worm code insist that Stuxnet’s primary goal was not to spy on infected systems, but to conduct sabotage.
About Kaspersky Lab
Kaspersky Lab delivers the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Kaspersky Lab is one of the top vendors of information security solutions in the world. The company’s products and technologies are used by over 250 million people worldwide, its technology is licensed by leading security vendors globally. The Kaspersky Lab group of companies is headquartered in Moscow, has five regional divisions including Southeast Asia and numerous local offices throughout the world. You can learn more about Kaspersky Lab by visiting www.kaspersky-sea.com. For the latest on anti-virus, anti-spyware, anti-spam and other IT security issues and trends, please visit www.viruslist.com.
To know more about Kaspersky latest news, events and activities, please join Kaspersky Friends and Fan Klub, visit www.kklub.net.
© 2009 Kaspersky Lab. The information contained herein is subject to change without notice. The only warranties for Kaspersky Lab products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Kaspersky Lab shall not be liable for technical or editorial errors or omissions contained herein.
[ad#boxlist]