Web-based attacks on organisations are undoubtedly growing: hackers flooding MasterCard’s website with a Denial of Service attack, the cloning of independent media websites in Belarus; the list is endless. One attack stands out from the rest, though: the Stuxnet virus. It is this attack that increases the urgency for corporations to ask themselves, ‘are we prepared?’
This brilliant article by Kim Zetter on the Stuxnet virus, its path, its decryption and what can only be described as the covert mission that surrounds it, is a must-read for anyone interested in network security and the growing threat of web-based attacks.
For those not familiar with the Stuxnet virus, it is a virus so complex that it took a team of experts over a year to partially decode. The nature of the attack itself makes it truly revolutionary in cyber warfare: an attack whose purpose was not financial, nor to infect as many end-users as possible, but to physically attack a highly secure military installation.
The target was a uranium enrichment plant just outside Natanz in central Iran, and the mission was to destroy as many centrifuges as possible. So sophisticated in its development, the Stuxnet virus contained more than 5 zero-days (complex exploits that are extremely hard to find and can sell for up to £500,000 on the black market) and an ability to seek out only the network at Natanz and, once found, deploy its attack.
Using exploits in the commands that run the motors for each of the plant’s centrifuges, the Stuxnet virus was able to vary their speeds to the point where the centrifuges were eventually rendered useless. To an extent, its mission was successful, damaging enough centrifuges to slow down Iran’s uranium enrichment program, but the exact source of the virus and the number of zero-day exploits it contains are still unknown.
While most of us don’t have a uranium enrichment program to worry about, this does highlight the growing threat posed by web-based attacks such as Denial of Service (DoS), which have recently become fairly common, and, more worryingly, the potential for copycat Stuxnet attacks.
The financial ramifications of a denial of service attack that takes down your eCommerce website are reason enough to ask yourself if you’re prepared for an attack. But the growing complexity of attacks, and the potential for someone to physically control processes within your business (machines on a manufacturing line, for example), are a more pressing reason to ask yourself, ‘are you prepared?’