The Stuxnet worm first appeared in the summer of 2010. It is a computer worm of only 500 kilobytes that infiltrated numerous computer systems. The worm operated in three phases. First, it scanned and targeted Windows networks and computer systems, and then spread throughout the computer network to attack the systems for which it was designed. Uranium enrichment centrifuges are managed by programmable logic controllers (PLCs).
Once it had infiltrated these machines, the worm began to replicate by infiltrating the Windows-based Siemens Step7 software. This Siemens software was, and continues to be, widely used within industrial computer networks, such as those of uranium enrichment plants. By compromising the Step7 software, the worm gained access to the programmable logic controllers (PLCs), and this final step allowed the worm to manipulate crucial industrial information, as well as gain the ability to operate different machinery at individual industrial sites.
The replication process is what made the worm so widespread. It was so invasive that if a USB stick was plugged into a computer system where the worm was present, the worm would travel with the USB device and begin spreading to all subsequent computer systems to which the USB stick was connected, including those within air-gapped networks, i.e. isolated networks that cannot be reached from the internet. Once the malware was launched, more than fifteen Iranian facilities were attacked and infected by the Stuxnet worm. This attack is believed to have been initiated from a worker's USB drive inside the plant.
One of the affected industrial facilities was the Natanz nuclear power plant. Inspectors from the International Atomic Energy Agency visited the Natanz plant and observed that an unusual number of uranium enrichment centrifuges were breaking down. The cause of these failures was unknown at the time. Later in 2010, Iranian technicians commissioned cybersecurity specialists in Belarus to examine their computer systems. This security firm eventually discovered multiple malicious files on Iranian computer systems. It later revealed that these malicious files were the Stuxnet worm.