New research from Symantec has unveiled another piece of the puzzle relating to the elusive and troublesome Stuxnet malware. It's already known that the malware targets systems that control the PLC, or Programmable Logic Controller, which is a programmable microprocessor-based device typically used to control production machinery on an assembly line.
While researchers have ascertained that Stuxnet comes with a payload that will quietly modify selective bits of PLC code sent out from a controlling workstation, the very specialized nature of the changes has kept them from determining its exact purpose.
The Stuxnet Conspiracy
A Wired article puts it this way:
It [Stuxnet] inventories a plant's network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon ... Stuxnet targets only frequency drives from these two companies that are running at high speeds, between 807 Hz and 1210 Hz. Such high speeds are used only for select applications.
While Symantec was careful not to claim that Stuxnet was designed to target a nuclear facility, the security company did note in the same blog that
... efficient low-harmonic frequency converter drives that output over 600Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.
That's not all. The output frequency is altered only for short periods of time, which is enough to sabotage whatever automation is in place while making detection even more difficult. To be clear: because Stuxnet intercepts the commands between workstation and PLC without corrupting or replacing other software, it is extremely difficult to detect in the first place.
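The two passages above describe the trigger profile (at least 33 Fararo Paya or Vacon drives running between 807 Hz and 1210 Hz) and the reason the sabotage is hard to spot (the workstation's own view of the PLC is exactly what is being intercepted, and the changes are brief). The following is an added example written for this article, not code from Symantec, Wired or any Stuxnet analysis, showing what a defender can do with that information: check whether a plant's drive inventory matches the reported profile, and monitor independently measured drive frequency rather than trusting the HMI display alone. The expected operating band of 1000 to 1130 Hz, the 5 Hz tolerance and all drive and telemetry data are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Trigger profile as quoted in the article (Symantec via Wired).
PROFILE_VENDORS = {"Fararo Paya", "Vacon"}
PROFILE_MIN_DRIVES = 33
PROFILE_BAND_HZ = (807.0, 1210.0)


@dataclass
class Drive:
    drive_id: str
    vendor: str
    nominal_hz: float


def matches_targeting_profile(drives: List[Drive]) -> Tuple[bool, int]:
    """Count drives inside the reported trigger profile and report whether the
    plant as a whole satisfies it (at least PROFILE_MIN_DRIVES such drives)."""
    lo, hi = PROFILE_BAND_HZ
    n = sum(1 for d in drives
            if d.vendor in PROFILE_VENDORS and lo <= d.nominal_hz <= hi)
    return n >= PROFILE_MIN_DRIVES, n


def transient_excursions(samples: List[float],
                         band: Tuple[float, float]) -> List[Tuple[int, int, float]]:
    """Return (start_index, length, extreme_value) for every run of consecutive
    samples outside `band`, however short. Brief runs are reported on purpose:
    an alarm that only fires on sustained deviation would miss changes that
    last only a few samples, which is the behaviour the article describes."""
    lo, hi = band
    mid = (lo + hi) / 2
    runs = []
    start = None
    for i, v in enumerate(samples + [None]):   # None sentinel closes a trailing run
        outside = v is not None and (v < lo or v > hi)
        if outside and start is None:
            start = i
        elif not outside and start is not None:
            window = samples[start:i]
            extreme = max(window, key=lambda x: abs(x - mid))
            runs.append((start, i - start, extreme))
            start = None
    return runs


def hmi_sensor_divergence(hmi_view: List[float], sensor_view: List[float],
                          tolerance_hz: float) -> List[int]:
    """Indices where an independently measured drive frequency differs from the
    value the operator workstation displays by more than tolerance_hz. Because
    the malware sits between workstation and PLC, the HMI view alone cannot be
    trusted; an out-of-band sensor path is the reference here (assumed)."""
    return [i for i, (h, s) in enumerate(zip(hmi_view, sensor_view))
            if abs(h - s) > tolerance_hz]


# Constructed sample data, not real plant telemetry or a real asset inventory.
SAMPLE_DRIVES = (
    [Drive(f"drv-{i:02d}", "Vacon", 1064.0) for i in range(30)]
    + [Drive(f"drv-{i:02d}", "Fararo Paya", 1064.0) for i in range(30, 35)]
    + [Drive("aux-01", "OtherVendor", 50.0)]
)
EXPECTED_BAND_HZ = (1000.0, 1130.0)           # assumed normal operating band
SAMPLE_HMI = [1064.0] * 20                    # workstation shows a steady value
SAMPLE_SENSOR = ([1064.0] * 5 + [1410.0] * 3  # brief over-speed burst
                 + [1064.0] * 6 + [2.0] * 2   # brief near-stop
                 + [1064.0] * 4)

if __name__ == "__main__":
    hit, count = matches_targeting_profile(SAMPLE_DRIVES)
    print(f"profile match: {hit} ({count} drives in band from listed vendors)")
    for start, length, extreme in transient_excursions(SAMPLE_SENSOR, EXPECTED_BAND_HZ):
        print(f"excursion at sample {start}, {length} samples, peak {extreme} Hz")
    print("HMI/sensor disagree at samples:",
          hmi_sensor_divergence(SAMPLE_HMI, SAMPLE_SENSOR, 5.0))
```

The design point is the third function: the HMI reports a flat 1064 Hz throughout while the independent sensor path shows two short excursions, so a monitoring rule that compares the two sources catches what a rule reading only the workstation's view never would.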
The Chilling Possibilities
Whether it's government-level action or industrial espionage, the entire incident highlights highly uncomfortable facts on the computer security front. For one, it has proven that the advanced state of IT integration today means that remote cyber attacks can result in "real world" damage. Rather than the unrealistic portrayal of hacking seen in some movies of yesteryear, the sombre details of Stuxnet show that such attacks can be pulled off with just a smattering of zero-day exploits and mundane ways of delivering them. My point? It is entirely possible to target an entity or corporation in a cyber attack and cause damage.
So what does this have to do with the small and mid-sized business? SMBs need to know that the consequences of security lapses are no longer limited to the mid- and long-term problems that typically follow simple data leaks. Today, it is altogether possible for bank accounts to be emptied or "live" production systems to be sabotaged. While I've often belabored that security is for all, including SMBs, it is a topic I cannot emphasize enough. And yes, hackers are already increasingly targeting mid-sized organizations, too.