The computer worm Stuxnet entered the computer virus scene in 2010, although early versions of the software may have been released in 2009. It was unique in both its complexity and the fact that it targeted specific industrial control systems. The malware appears to be finely tuned to target Siemens industrial controllers by subverting programming software applications through the Windows operating system. It was the first computer virus detected that targeted programmable logic controllers. Kaspersky Lab concluded that due to its targeting and complexity it was likely developed with resources available to a nation state. Stuxnet seemed designed to target Iran’s uranium enrichment equipment.
As an embedded control system developer it opens up a whole new realm of concern. How do you protect industrial systems from attacks of this nature? With the interconnection of embedded systems via networks such as Bluetooth, Zigbee, or other wired and wireless connections it seems likely that developers will have to consider malware security as part of development. I’m guessing Siemens already does.
A recently uncovered piece of malware, Flame, appears to be related to the development of Stuxnet. Although this software does not appear to target embedded systems such as industrial controls, its level of complexity is something to take note of. From the previous “Flame” link Kaspersky Lab expert Aleks writes…
“Although we are still analyzing the different modules, Flame appears to be able to record audio via the microphone, if one is present. It stores recorded audio in compressed format, which it does through the use of a public-source library.
Recorded data is sent to the C&C through a covert SSL channel, on a regular schedule. We are still analyzing this; more information will be available on our website soon.
The malware has the ability to regularly take screenshots; what’s more, it takes screenshots when certain “interesting” applications are run, for instance, IM’s. Screenshots are stored in compressed format and are regularly sent to the C&C server – just like the audio recordings.
We are still analyzing this component and will post more information when it becomes available.”
The cyberwar arms race appears to be heating up, and who knows where it will end.