How to Prevent Stuxnet and Similar Attacks on your Business

Hacking now poses a real danger to infrastructure in the United States and other countries worldwide. This is a serious danger that should not and cannot be ignored.

Hacking into infrastructure could affect our energy supply, our water supply, our transportation systems and more. It all started with the mysterious introduction of the Stuxnet worm into Iran’s nuclear testing facility in June 2010. Stuxnet has provided many others with a basic and virulent worm that can be modified to actually damage hardware.

The Stuxnet worm was originally designed to attack industrial PLCs (Programmable Logic Controllers, as they are called in the industry). PLCs allow programmers to set up programs that manage the mechanical processes operating machinery in environments such as factory assembly lines, amusement rides, or equipment for manufacturing nuclear material.

Facts about Stuxnet

  • Stuxnet targets the Microsoft Windows operating system and Windows networks, and then it seeks out PLCs connected to the network.
  • Stuxnet is domain-specific, and it has now been modified to attack almost any brand of PLC or similar SCADA system. (SCADA systems are supervisory control and data acquisition systems that handle large-scale processes spanning multiple sites and large distances, such as power plants, factories, and energy infrastructure.)
  • Stuxnet has three modules: a worm that executes all software and routines related to the main mission; a link file that finds and runs the propagated copies of the original worm; and a special rootkit piece that hides all of the related Stuxnet worm components.

How Stuxnet Works

In order for the original Stuxnet worm to work correctly it has to be introduced into a system, usually via an infected USB thumb drive/flash drive. Stuxnet then travels throughout the network looking for specific hardware and software. If the proper combination of hardware and software is not found, Stuxnet lies dormant, usually undetected in the network and its computers, waiting until the proper hardware and software are detected. Once the proper combination of software and hardware is installed on the network, Stuxnet springs into action and usually attempts to destroy the attached hardware and sometimes the computers themselves, all the while sending “everything is normal” signals to the user, the computers and the associated equipment.

What makes Stuxnet even worse today is that it takes advantage of ICS (Integrated Computer Solutions). In the old days, the equipment that Stuxnet affected was never connected to computer systems or the Internet. Now that the Internet is in place, the Internet connects to computer networks and the computer networks connect to the PLC and SCADA devices. So hackers now have a clear path from the Internet to the actual devices that control factories, energy grids, manufacturing plants, and more.

How Can You Prevent Stuxnet from Getting into Your Network?

At this time there is no anti-virus product that will catch and control Stuxnet once it is in your network. The best thing to do is to keep it out, by implementing the following:

  1. Set up a layered defense that addresses security throughout the entire ICS extended network. This defense must include security policies, training, component isolation, and enforced Methods and Procedures (M&P). It also requires isolating critical communications in a secure, segmented manner.
  2. There should be proper physical and logical separation between different types of networks. For example, PLC and SCADA devices should not be reachable from the corporate network.
  3. Software must be written to detect non-conforming actions.
  4. Redundancy must be incorporated into the network design to avoid single points of failure.
  5. User privileges should be very strict and must be separate from corporate network credentials, using strong passwords and authentication techniques, perhaps even including biometrics.
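One way to act on item 3 above, as an added illustration that is not the post's own code: because a controller compromised in the way described keeps reporting "everything is normal" while the equipment runs outside its limits, a monitor that trusts only the PLC's own report sees nothing, so this check compares each report with an independent sensor reading and with hypothetical engineering limits, and also flags a report that stops changing. The field names, limits and sample readings are all constructed for the example.

```python
"""Cross-check PLC-reported telemetry against an independent reading.

Added example, not the post's code: a monitor for "non-conforming
actions" that does not rely solely on what the PLC reports. The
limits, field names and sample readings below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Reading:
    t: int           # seconds since start (constructed timeline)
    reported: float  # value the PLC reports to the operator's HMI
    measured: float  # value from an independent sensor on a separate path


# Hypothetical engineering limits for a drive (constructed values)
LIMIT_HIGH = 1200.0   # maximum safe measured value
MISMATCH_TOL = 50.0   # allowed disagreement between report and sensor
FROZEN_RUN = 3        # identical consecutive reports considered suspicious


def check(readings):
    """Return (time, alert) tuples for every non-conforming observation."""
    alerts = []
    run = 1  # length of the current run of identical reported values
    for i, r in enumerate(readings):
        if r.measured > LIMIT_HIGH:
            alerts.append((r.t, "measured value exceeds limit"))
        if abs(r.reported - r.measured) > MISMATCH_TOL:
            alerts.append((r.t, "PLC report disagrees with sensor"))
        run = run + 1 if i > 0 and r.reported == readings[i - 1].reported else 1
        if run == FROZEN_RUN:  # a live process value rarely repeats exactly
            alerts.append((r.t, "PLC report frozen"))
    return alerts


# Constructed sample: the report stays at 1000.0 while the real value climbs
SAMPLE = [
    Reading(0, 1000.0, 1002.0),
    Reading(1, 1000.0, 1005.0),
    Reading(2, 1000.0, 1180.0),
    Reading(3, 1000.0, 1350.0),
]

if __name__ == "__main__":
    for t, msg in check(SAMPLE):
        print(f"t={t}s: {msg}")
```

The independent sensor only helps if it reaches the monitor over a path the PLC cannot influence, which is the same separation item 2 calls for.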

Stuxnet is very dangerous because it can cause actual physical harm to equipment, computers, energy grids, people, etc. It can even become a WMD (Weapon of Mass Destruction) if it is deployed at a single site such as a nuclear energy generating facility, an energy grid control facility, a traffic control system, or a water and power facility.

As of today, Stuxnet and many of its related cousins are attacking energy companies and their related business enterprises. Today it is energy companies, but what could it be tomorrow? Automobile factories? Electrical power plants? Nuclear power plants?

For more information, you might be interested in reading this recent New York Times article, Russian Hackers Targeting Oil and Gas Companies.

Do you need technical support in preventing attacks on your network and systems? Contact us at Oasis Technology today. We provide IT consulting and services to safeguard your organization’s information and system up-time.

George Baldonado
Oasis Technology, Inc
“We put the knowledge in technology” ®