The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial assets. The worm used both known and previously unknown vulnerabilities to install, infect and propagate, and was powerful enough to evade state-of-the-practice security technologies and procedures, including firewalls, authentication, and anti-virus software to
name a few.
Since the discovery of Stuxnet, there has been extensive analysis of Stuxnet’s internal workings. What has not been discussed is how the worm might have migrated from the outside world to supposedly isolated and secure industrial control systems (ICS). Understanding the routes that a directed worm takes as it targets an ICS is critical if these vulnerable pathways are to be closed for future worms.
This presentation is meant to provide a summary of how modern day cyber threats may work their way through even the most protected networks. It also takes a look at what can be learned from the analysis of pathways in order to prevent infection from future worms - whether targeted or not. If the systems that control critical infrastructure are to remain safe
and secure, then owners, operators, integrators, and vendors need to recognize that their control systems are now the target of sophisticated attacks. Improved defense-in-depth postures for industrial control systems are needed urgently. Waiting for the next worm may be too late.