Remember the days when the worst threat you had to worry about from a computer virus was your hard drive crashing or your computer sending out millions of emails? Now it’s come to the point where the critical infrastructure of entire countries can be targeted by malware attacks on industrial control systems.
Industrial control systems consist of Programmable Logic Controllers (PLCs), which can be thought of as mini-computers that can be programmed from a standard computer (in this case, a Microsoft Windows system). These PLCs contain special code that controls the automation of industrial processes—for instance, to control machinery in a plant or a factory. Programmers use software (e.g., on a Windows PC) to create code and then upload their code to the PLCs. In a previous article, we described how vulnerabilities in these systems allowed for the distribution of malware targeted at these industrial platforms… which is now the foundation of a botnet called Stuxnet.
Previously, Symantec reported that Stuxnet can steal code and design projects and also hide itself using a classic Windows rootkit, but unfortunately it can also do much more. Stuxnet has the ability to take advantage of the programming software to also upload its own code to the PLC in an industrial control system that is typically monitored by SCADA systems. In addition, Stuxnet then hides these code blocks, so when a programmer using an infected machine tries to view all of the code blocks on a PLC, they will not see the code injected by Stuxnet. Stuxnet isn’t just a rootkit that hides itself on Windows, but is the first publicly known rootkit that is able to hide injected code located on a PLC.
So, what’s the big deal, right? Now we have another botnet that is propagated through sneaker-net and USB drives. Well… consider this. By writing code to the PLC, Stuxnet can potentially control or alter how the system operates. A historic example is a reported case of stolen code that impacted a pipeline. The code was secretly “Trojanized” to function properly at first and, only some time after installation, to instruct the host system to increase the pipeline’s pressure beyond its capacity. This resulted in a three-kiloton explosion, about 1/5 the size of the Hiroshima bomb.
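Because the hidden code blocks described above are invisible only from the infected programming machine, a defender can compare that view against an independent one. The sketch below is an added example, not code from Symantec or from this article: it assumes a known-good baseline of block hashes and a second block listing read over a clean, independent path (both hypothetical inputs), and all block names and contents are constructed.

```python
import hashlib

def digest(code: bytes) -> str:
    """SHA-256 of a block's contents, used as its baseline fingerprint."""
    return hashlib.sha256(code).hexdigest()

def cross_view_audit(baseline, workstation_view, trusted_view):
    """Compare three views of the PLC's code blocks.

    baseline         -- block name -> sha256 hex of the approved block
    workstation_view -- block name -> bytes, as listed by the engineering PC
    trusted_view     -- block name -> bytes, read over a clean path (assumed)
    Returns a list of (block name, finding) tuples.
    """
    findings = []
    for name in sorted(trusted_view):
        code = trusted_view[name]
        # A block the PLC holds but the workstation does not list is the
        # hiding behaviour the article describes.
        if name not in workstation_view:
            findings.append((name, "hidden-from-workstation"))
        elif workstation_view[name] != code:
            findings.append((name, "content-differs-between-views"))
        # Independently of the workstation, check against the baseline.
        if name not in baseline:
            findings.append((name, "not-in-baseline"))
        elif digest(code) != baseline[name]:
            findings.append((name, "modified-since-baseline"))
    for name in sorted(set(baseline) - set(trusted_view)):
        findings.append((name, "missing-from-plc"))
    return findings

# Constructed sample data (hypothetical block names and contents).
APPROVED = {"MAIN_LOOP": b"pump control v3", "VALVE_CTRL": b"valve logic v7"}
BASELINE = {name: digest(code) for name, code in APPROVED.items()}
WORKSTATION_VIEW = dict(APPROVED)  # infected PC shows only approved blocks
TRUSTED_VIEW = {**APPROVED, "EXTRA_BLOCK": b"unreviewed logic"}

def demo():
    return cross_view_audit(BASELINE, WORKSTATION_VIEW, TRUSTED_VIEW)

if __name__ == "__main__":
    for block, finding in demo():
        print(f"{block}: {finding}")
```

The check is only as reliable as the independent read path: if both listings come through the same compromised software, they will agree and nothing is flagged.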
More info:
Stuxnet introduces the first known rootkit for industrial control systems
Stuxnet could hijack power plants, refineries (cnet.com)
Threat Write-up: W32-Stuxnet (Symantec.com)