- Stuxnet has been in play since at least 2009.
- Specifically looks for Siemens PLC models S7-417 and S7-315-2, both widely deployed in the US.
- PLC infection only occurs when the PLC contains the Profibus-DP communications processor.
- Windows 64-bit platforms not affected (32-bit targeted).
- Malware package very sophisticated even with some sloppy controls (could’ve been more restricted and targeted, and stayed hidden longer).
- The question of how to ensure the integrity of PLC code has not been addressed in detail.
On Nov 12th, Eric Chien's posting "Stuxnet: A Breakthrough" keyed in on important tips and insights provided by a Dutch Profibus expert that help determine exactly what Stuxnet's purpose is. Symantec's updated W32.Stuxnet Dossier v1.3 (Nov 2010) white paper now describes more clearly how the malware targets and sabotages specific models of frequency converters driving higher-speed motors over an extended time frame.
This additional insight underscores the growing need to manage similar potential "Advanced Persistent Threat" risks to critical infrastructure. Stuxnet's very clever payload is just one example of how similar hidden, targeted malware could pose a substantial threat to critical infrastructure, even though this real-world example has focused more on sabotaging systems akin to those used in uranium enrichment activities.