Stuxnet: One of the Most Dangerous Cyber Weapons Ever Created
Stuxnet is a computer worm which is specifically designed to attack embedded systems. Its primary target is to attack the industrial control systems which are used to support the infrastructure facilities like water treatment, light fixture, etc. Programmable logic controller is a digital device which is used in many industries to control electromechanical process. Attacker tries to change the code in programmable logic controller (PLC) which is used to control the embedded system. Stux is one of the Dangerous malwares for the embedded system, and it is very hard to detect Stuxnet because it has rootkit component which hides all the malicious files and presence of Stuxnet.
Security expert Roel Schouwenberg has done extensive research on Stuxnet and found that Stuxnet starts infecting our embedded system in six steps:
As we know that USB drive is one of the important sources for many infections and when we talk about Stuxnet, the first window system which got infected by Stuxnet is through infected USB drive. Then it automatically starts searching for a network of the infected system and looks for another target system, and if it goes successful then it will download an updated version of worm and try to compromise and search for a vulnerability.
Once it finds a vulnerability either it may be zero-day vulnerability or known vulnerability which not got patched by vendor, it will use that as an advantage and try to send some false control signal to the system like it will send a signal to centrifuges to spin continuously out of control and send false data to the monitoring activity which shows that everything is running fine.
It is important to take some mitigate steps to protect our static environment. Some of the methods include:
1. Manual Updates:
It is always risky to enable automatic updates because it requires frequent access to the internet. It is a good idea if you use manual updates and download them in a separate environment and verify them if it is valid, applies those updates to the system in a static environment.
Redundancy is one of the important factors by which we can ensure that our system continues to operate if any failure occur. A common example of ensuring redundancy is Redundant Array of Inexpensive Disk (RAID) which includes multiple disks so that it continues to operate if any of the disks got failed. SCADA system often includes redundant control to take over if one fails.
In daily practices, hackers are finding new tactics to access a system in an unauthorised manner. And it will be very easy for them to penetrate one security layer. So it is always suggested to use multiple layers of security to ensure the system remain in a safe state. For example, you can use a firewall to protect unauthorised traffic and at the same time you can use network intrusion prevention system which provides an additional layer of security.
4. Updated Firmware Control:
Most static systems have embedded firmware installed on them. Try to use the most updated version of Firmware with all updated patches.