RSA Coverage: Stuxnet Much Older than Thought

By | February 26, 2013

Posted in: Network Security Trends

Stuxnet, the sophisticated piece of malware that made headlines back in 2010 as the first computer cyber weapon is an evolved version of an earlier incarnation of the infamous worm, according to a Symantec white paper issued at the RSA conference today. The newly discovered Stuxnet variant, according to analysis of the version number embedded in its code, reportedly may have been in operation as early as 2005 – five full years ahead of the initial discovery.

Stuxnet 1.001 was created in 2009 to allegedly level attacks against Iranian nuclear facilities. Like its older sibling, Stuxnet 0.5 was also designed to target the same Siemens-run Industrial Control Systems (ICS). The difference, according to Symantec’s Francis deSouza, was that instead of attacking the motors of these machines, the earlier version took over the valves that controlled the flow of Uranium gas into the centrifuges.

deSouza, who kicked off his RSA keynote address with this revelation, said that this discovery alters the conception of the current threat landscape. The threats are older, more multi-faceted and expanding exponentially. And things aren’t always how they appear.

“We are now entering the end of the first decade of weaponized malware, ” deSouza said. “And with it, access to these cyber weapons has continued to get more democratized.”

He cited as an example a recent attack on a European bank during which the perpetrators launched a Distributed Denial of Service (DDoS) attack at the close of business on a Friday afternoon. While incident responders raced to mitigate the attack, the cyber attackers were apparently using this as a diversion and to carry out a spearfishing assault that pilfered account information and other sensitive data. They then used this data to create fake ATM cards which were outsourced to so-called “money mules,” who drained the victims’ accounts.

These multi-flank attacks are now the new normal and deSouza as well as other experts say they are seeing the evolution of a robust ecosystem to facilitate the various stages of attacks such as these.

“The (money) mules didn’t know anything about the initial attack,” he said. “The attackers wanted money mules with lower than average IQs.”

And they were easily attainable. As are higher end attackers who can launch sophisticated assaults for very little compensation.

But according to deSouza, appropriating the proper controls and incorporating a deeper analysis of so-called “Big Data” can handle these incidents

“I love big data because it gives us big intelligence, “ he said.

This monstrous pile of information gives security professionals a great basis for understanding the new threat landscape. It then allows enterprises to assess and interpret what is “normal” for their particular business.

In the coming year, deSouza says we can expect newer, bigger offerings that are pre-integrated to eliminate the need for costly patches and upgrades as well as a deeper focus on security partnerships that harness the expertise of various collaborators.

But it all starts with a deeper understanding of what is normal for any particular organization.

“Normal is the new intelligence,” deSouza added.

You May Also Be Interested In: