Wednesday, December 29, 2010

Stuxnet Trojan Wreaking Havoc in 2011?

The Stuxnet Trojan may have knocked out as many as 1,000 centrifuges at Iran’s nuclear facility earlier this year. According to a Dec. 24 article in the Jerusalem Post, Stuxnet may have hit as many as 1,000 of the approximately 10,000 IR-1 centrifuges at Iran’s Natanz uranium enrichment facility. This is based on a paper from the Washington-based Institute for Science and International Security (ISIS), which analyzed the malware’s code. The malware caused the motors driving Iran’s IR-1 centrifuges, which normally run at 1,007 cycles per second, to speed up to as fast as 1,064 cycles per second, and the resulting vibration broke the centrifuge rotors. Stuxnet was meant to be subtle and work slowly, causing "small amounts of damage" that would not make the system operators suspect malware. If you recall,
Stuxnet infected the machines via USB thumb drives, exploiting a flaw in how Windows parsed shortcut (.LNK) files (CVE-2010-2568, fixed in MS10-046): simply browsing the drive’s contents ran the malware, so the usual advice to disable AutoRun did not help. Once on the machine, the malware checked for the Siemens SIMATIC WinCC/STEP 7 software used to supervise industrial processes (Supervisory Control and Data Acquisition, or SCADA, software, which monitors and drives automated industrial equipment). If the infected machine was running that software for its Siemens programmable logic controllers (PLCs), Stuxnet logged into the WinCC back-end database using a hardcoded default password that is the same in every installation, so it never had to guess a per-customer password before reaching the controllers.
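The post describes the attack as a drive speed-up that operators did not notice. The following is an added example, not code from the ISIS analysis or from any vendor, of the kind of out-of-band check a plant could run: it takes an independent tachometer-derived frequency per centrifuge unit alongside the value the PLC/HMI path reports, flags sustained excursions from the 1,007 Hz nominal quoted above, and separately flags any disagreement between the two sources. Stuxnet is documented to have fed recorded normal process values back to the monitoring side while it changed the real setpoint, so an independent sensor path is the only place a mismatch like this shows up. The log format, the 5 Hz tolerance, the three-sample persistence rule and the readings themselves are constructed for the example.

```python
"""Out-of-band centrifuge frequency monitor (added example, not vendor code)."""
from dataclasses import dataclass
from typing import Dict, List

NOMINAL_HZ = 1007.0     # normal IR-1 drive frequency quoted in the post
TOLERANCE_HZ = 5.0      # assumed acceptable drift around nominal
SUSTAIN_SAMPLES = 3     # assumed: alert only after this many consecutive excursions


@dataclass
class Reading:
    ts: int
    unit: str
    sensor_hz: float   # independent measurement (assumed tachometer feed)
    hmi_hz: float      # what the PLC/HMI path reports for the same moment


def parse_line(line: str) -> Reading:
    """Parse one constructed log line: '<epoch> <unit> sensor_hz=<v> hmi_hz=<v>'."""
    ts, unit, sensor, hmi = line.split()
    fields = {}
    for token in (sensor, hmi):
        key, _, val = token.partition("=")
        fields[key] = float(val)
    return Reading(int(ts), unit, fields["sensor_hz"], fields["hmi_hz"])


def out_of_band(hz: float, nominal: float = NOMINAL_HZ, tol: float = TOLERANCE_HZ) -> bool:
    return abs(hz - nominal) > tol


def find_excursions(lines, nominal=NOMINAL_HZ, tol=TOLERANCE_HZ, sustain=SUSTAIN_SAMPLES):
    """Return (unit, start_ts, end_ts, peak_hz) for every run of at least `sustain`
    consecutive sensor readings outside nominal +/- tol, tracked per unit so
    interleaved units do not break each other's runs."""
    runs: Dict[str, List[Reading]] = {}
    alerts = []

    def close(unit: str) -> None:
        run = runs.pop(unit, [])
        if len(run) >= sustain:
            peak = max(run, key=lambda r: abs(r.sensor_hz - nominal)).sensor_hz
            alerts.append((unit, run[0].ts, run[-1].ts, peak))

    for line in lines:
        r = parse_line(line)
        if out_of_band(r.sensor_hz, nominal, tol):
            runs.setdefault(r.unit, []).append(r)
        else:
            close(r.unit)          # a short blip never reaches `sustain`
    for unit in list(runs):         # flush runs still open at end of log
        close(unit)
    return alerts


def find_replay(lines, tol=TOLERANCE_HZ):
    """Return (unit, ts, sensor_hz, hmi_hz) wherever the HMI value disagrees with
    the independent sensor by more than tol: the signature of a controller that
    is reporting a stale or fabricated process state to its operators."""
    return [
        (r.unit, r.ts, r.sensor_hz, r.hmi_hz)
        for r in map(parse_line, lines)
        if abs(r.sensor_hz - r.hmi_hz) > tol
    ]


# Constructed sample log: unit A1 is driven to 1064 Hz while the HMI keeps
# showing ~1007 Hz; unit A2 has one honestly reported transient blip.
SAMPLE_LOG = [
    "1000 A1 sensor_hz=1007.0 hmi_hz=1007.0",
    "1001 A1 sensor_hz=1006.5 hmi_hz=1006.5",
    "1002 A1 sensor_hz=1040.0 hmi_hz=1007.0",
    "1003 A1 sensor_hz=1064.0 hmi_hz=1007.0",
    "1004 A1 sensor_hz=1064.0 hmi_hz=1007.0",
    "1005 A1 sensor_hz=1064.0 hmi_hz=1007.0",
    "1006 A1 sensor_hz=1007.5 hmi_hz=1007.5",
    "1000 A2 sensor_hz=1007.0 hmi_hz=1007.0",
    "1001 A2 sensor_hz=1013.0 hmi_hz=1013.0",
    "1002 A2 sensor_hz=1007.0 hmi_hz=1007.0",
]

if __name__ == "__main__":
    for a in find_excursions(SAMPLE_LOG):
        print("EXCURSION unit=%s %d..%d peak=%.1f Hz" % a)
    for m in find_replay(SAMPLE_LOG):
        print("HMI MISMATCH unit=%s ts=%d sensor=%.1f hmi=%.1f" % m)
```

The persistence rule keeps a single noisy sample (A2) from paging anyone, while the replay check fires on the very first sample where the two paths disagree, because a disagreement between an independent sensor and the controller's own report is never benign.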

Future Stuxnet variants may be able to exploit critical physical infrastructure such as power grid controls or electronic voting systems. Enterprises have a number of systems and software that still have factory default passwords, or passwords so deeply embedded that the customer cannot change them. Such was the case with Cisco’s Unified Video Conferencing 5100 series products, which shipped with hardcoded passwords for several accounts that could not be changed or deleted. Cisco released a free software upgrade to close the vulnerability in November and also suggested a workaround: limit access to the Cisco UVC web server to trusted hosts via access control lists on the network’s routers and switches. Note that the workaround only narrows who can reach the web server; it does not remove the credential, so any host already on the trusted segment can still use it until the upgrade is applied.
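Both the Siemens case earlier in the post and the Cisco UVC case come down to credentials the customer never changed or could not change. The following is an added example, not a Siemens or Cisco tool: a small Python audit over a constructed device inventory that flags credentials matching a constructed vendor-default table, separates defaults that can be rotated from ones that cannot (those only get a compensating control such as the trusted-host ACL Cisco suggested), and flags a single credential reused across several hosts, which is the property that let one hardcoded password unlock every installation. The inventory, the vendor names and the default table are all made up for the example.

```python
"""Default / shared-credential audit over a device inventory (added example)."""
import csv
import io
from collections import defaultdict

# Constructed: vendor -> set of (username, password) pairs that ship by default.
# A real list would come from the vendors' own advisories.
KNOWN_DEFAULTS = {
    "acme-plc": {("admin", "admin"), ("operator", "operator")},
    "acme-vc": {("root", "changeme")},
}

# Constructed inventory. 'changeable' records whether the product lets the
# customer rotate the password at all (the Cisco UVC accounts in the post did not).
INVENTORY_CSV = """host,vendor,username,password,changeable
plc-01,acme-plc,admin,admin,yes
plc-02,acme-plc,admin,admin,yes
plc-03,acme-plc,admin,S3cure!pass,yes
vc-01,acme-vc,root,changeme,no
vc-02,acme-vc,root,changeme,no
hmi-01,acme-hmi,svc,Shared#2010,yes
hmi-02,acme-hmi,svc,Shared#2010,yes
"""


def load_inventory(text: str):
    """Parse the CSV inventory into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(rows, known_defaults=KNOWN_DEFAULTS, reuse_threshold=2):
    """Return (severity, host(s), message) findings:
    critical: vendor default that the customer cannot rotate; only a
              compensating control (trusted-host ACL) helps
    high:     vendor default still set on a rotatable account
    medium:   one username/password reused on >= reuse_threshold hosts
    """
    findings = []
    by_cred = defaultdict(list)
    for r in rows:
        cred = (r["username"], r["password"])
        by_cred[cred].append(r["host"])
        if cred in known_defaults.get(r["vendor"], set()):
            if r["changeable"].strip().lower() == "no":
                findings.append(("critical", r["host"],
                                 "unrotatable default credential for %s; restrict "
                                 "access with a trusted-host ACL" % r["username"]))
            else:
                findings.append(("high", r["host"],
                                 "default credential for %s still set; rotate it"
                                 % r["username"]))
    for (user, _pw), hosts in by_cred.items():
        if len(hosts) >= reuse_threshold:
            findings.append(("medium", ",".join(sorted(hosts)),
                             "credential for %s shared across %d hosts"
                             % (user, len(hosts))))
    return findings


if __name__ == "__main__":
    for sev, where, msg in audit(load_inventory(INVENTORY_CSV)):
        print("[%s] %s: %s" % (sev.upper(), where, msg))
```

The reuse check deliberately fires even when the shared password is not a known vendor default (the hmi-01/hmi-02 pair): a strong password copied onto every device fails the same way a factory default does once one device is compromised.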

Security analysts have speculated that Stuxnet used thumb drives to spread because many SCADA systems are not connected to the Internet but do have USB ports. Once on a machine, it can replicate over the local network. The point of entry can be something as innocuous as a programmable, network-ready coffee maker, many of which come with USB ports. While Stuxnet has hit computers in various countries, including the United States, Indonesia, Malaysia, the United Kingdom, and Australia, Iran was perhaps the hardest hit, with over 62,000 infected machines.
