The Stuxnet Trojan may have knocked out as many as 1,000 centrifuges at Iran’s nuclear facility earlier this year. According to a Dec. 24 article in the Jerusalem Post, Stuxnet may have hit as many as 1,000 of the approximately 10,000 IR-1 centrifuges at Iran’s Natanz uranium enrichment facility. This is based on a paper from the Washington-based Institute for Science and International Security which analyzed the malware’s code. The virus caused the engines in Iran’s IR-1 centrifuges, which normally runs at 1,007 cycles per second, to speed up to as fast as 1,064 cycles per second, causing the vibrations to break the motors. Stuxnet was meant to be subtle and work slowly by causing "small amounts of damage" that would not make the system operators suspect malware.If you recall,
Stuxnet infected the machines via USB thumb drives, exploiting an AutoRun bug in the Windows operating system. Once on the machine, the malware checked for software programs that run Supervisor Control and Data Acquisition systems, often used to monitor automated industrial processes. If the infected machine happened to have logical controllers from Siemens, Stuxnet logged in using the software’s default password, which is the same for all Siemens controllers.
Future Stuxnet variants may be able to exploit critical physical infrastructure such as power grid controls or electronic voting systems. Enterprises have a number of systems and software that still have factory default passwords, or passwords that are so deeply embedded that they can’t be changed by the customer. Such was the case with Cisco’s Unified Video Conferencing 5100 series products, which had a hardcoded password for several accounts that can’t be changed or deleted. Cisco announced a free software upgrade to close the vulnerability in November, and also suggested a workaround where access to the Cisco UVC Web server was limited to only trusted hosts via access control lists on the network’s routers and switches.
Security analysts have speculated that Stuxnet used thumb drives to spread because many SCADA systems are not connected to the Internet, but have a USB port. Once on a device, it can replicate over the local network. The point of entry can be something as innocuous as programmable and network-ready coffee makers, many of which come with USB ports.While Stuxnet has hit computers in various countries, including the United States, Indonesia, Malyasia, United Kingdom, and Australia, Iran was perhaps the hardest hit, with over 62,000 infected machines.
No comments:
Post a Comment