The recent Stuxnet attacks are only the “first strike” in a well-prepared assault on major industrial resources, an ENISA brief said.
Stuxnet is a specialized malware targeting supervisory control and data acquisition (SCADA) systems running Siemens SIMATIC software for process visualization and system control, ENISA explained. SCADA systems monitor and control industrial processes, such as those in nuclear power plants or in facilities for water treatment.
The Stuxnet malware uses several vulnerabilities in the underlying Windows operating system for infection and propagation. Infection works via USB drives or open network shares. A root kit component hides the content of the malware on infected systems. An infected system can usually be controlled remotely by the attacker. In the end this means that the attacker can gain full control of the respective facility.
Siemens recommends using TrendMicro’s Sysclean tool for removing the Stuxnet malware. Siemens said it knows of 15 systems that have been infected worldwide.
“After Stuxnet, the currently prevailing philosophies on [critical information infrastructure protection] will have to be reconsidered. They should be developed to withstand these new types of sophisticated attack methods. Now, that Stuxnet and its implemented principles have become public, we may see more of these kinds of attacks. All security actors will thus have to be working more closely together and develop better and more coordinated strategies”, said Udo Helmbrecht, executive director of ENISA.