
2010 in Review: The Hype and Reality of Stuxnet

  • Posted on: December 12, 2010 at 7:28 pm
  • Posted in: Malware
  • Author: Ivan Macalintal (Threat Research Manager)

Rightly or wrongly, the most talked-about issue in the security industry in 2010 has been Stuxnet. Some of this attention is deserved, given the attack’s sophistication, but even more of it is due to breathless speculation about “cyber-warfare,” the alleged links to Israel and Iran, and the foreign policy effects of Stuxnet. All this media attention, however, has tended to cloud the issue. Let me explain why.

There is no doubt that Stuxnet is a highly sophisticated piece of malware that took significant time, money, and manpower to develop. In terms of impact, however, most users were not significantly affected. True, Stuxnet did spread to a lot of systems around the world, but for almost all of the affected systems it was not a big problem: it did not steal information, it did not peddle fake antivirus products, and it did not send out spam.

Neither is it completely accurate to say that Stuxnet heralded a new age of malware threats affecting “real-world” facilities. As early as 2003, the Slammer worm hit the Davis-Besse nuclear plant in Ohio and shut down a safety monitoring system. The DOWNAD/Conficker worm hit multiple high-profile institutions, including hospitals (even infecting MRI machines), law enforcement agencies, and various military organizations.

What can be said about Stuxnet is that it marks the first time someone decided it was worth deliberately targeting a specific vendor’s SCADA platform. The technology to do so was already available; the motivation was not.

Attacks of this type are few and far between in today’s threat landscape. Information theft is still the biggest problem around: data-stealing malware accounts for the majority of the malware Trend Micro finds daily. For every Stuxnet infection we see today, we find thousands of incidents involving credential-theft malware such as ZeuS and SpyEye.

Two separate lessons can be drawn from Stuxnet. For industrial control systems like those it targeted, it should serve as a huge wake-up call. Stuxnet hit “soft” targets: systems that sat in the “interior” of their networks and were not properly secured, presumably because perimeter security was assumed to be sufficient. Ultimately, a network is only as secure as its weakest link, so the computers and networks that make up these industrial control systems will have to be hardened at all levels. Third-party applications that are frequently targeted by exploits, such as Adobe Flash Player and Reader, should always be kept up to date, or removed from these systems where possible. Attacks via removable devices such as USB drives also have to be considered and defended against; a USB stick walks straight past perimeter defenses, and Stuxnet itself used this route to reach machines with no network exposure. None of this is likely to be quick, easy, or inexpensive.
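The following PowerShell audit is an added example and is not code from the original post or from Trend Micro; it turns the three hardening points above (AutoRun on removable media, the USB mass-storage driver, and exploit-prone third-party software left installed) into a check that can be run on a Windows engineering workstation or HMI host. It assumes the host is Windows, that the script runs elevated, and it uses the standard registry locations for these settings; the `-Harden` switch and the `$riskyPattern` list of application names are choices made for this example, not anything the post prescribes.

```powershell
# Added example (not from the original post): audit a Windows host on an industrial
# control network for three weak spots the post calls out, and optionally fix the
# two that are pure registry settings. Read-only unless -Harden is given. Run elevated.
param([switch]$Harden)

$findings = @()

# 1. AutoRun/AutoPlay. NoDriveTypeAutoRun = 0xFF (255) disables AutoRun for every
#    drive type, which closes the classic "plug in an infected stick" path.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$noAutoRun = (Get-ItemProperty -Path $polKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($noAutoRun -ne 0xFF) {
    $findings += "AutoRun is not fully disabled (NoDriveTypeAutoRun = '$noAutoRun'; expected 255)"
    if ($Harden) {
        New-Item -Path $polKey -Force | Out-Null
        Set-ItemProperty -Path $polKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}

# 2. USB mass storage. Start = 4 (SERVICE_DISABLED) stops the usbstor driver from
#    loading, so removable disks are never mounted at all. Keyboards/mice are unaffected.
$usbKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$usbStart = (Get-ItemProperty -Path $usbKey -Name Start -ErrorAction SilentlyContinue).Start
if ($usbStart -ne 4) {
    $findings += "USB mass-storage driver is enabled (USBSTOR Start = '$usbStart'; expected 4)"
    if ($Harden) { Set-ItemProperty -Path $usbKey -Name Start -Value 4 -Type DWord }
}

# 3. Exploit-prone third-party software. The post's advice is "patch it or remove it";
#    on a control-system host, mere presence is worth a finding. The name list is an
#    assumption for this example; extend it to whatever your environment considers risky.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$riskyPattern = 'Adobe Flash Player|Adobe Reader|Adobe Acrobat'
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $riskyPattern }
foreach ($app in $installed) {
    $findings += "Exploit-prone application installed: $($app.DisplayName) $($app.DisplayVersion) (patch or remove)"
}

# Report. Findings 1 and 2 are fixed in place with -Harden; finding 3 needs a human
# decision (uninstall, or confirm a patch process exists), so it is only reported.
if ($findings.Count -eq 0) {
    Write-Output 'OK: no removable-media or third-party-application weaknesses found'
} else {
    foreach ($f in $findings) { Write-Output "FINDING: $f" }
    if (-not $Harden) { Write-Output 'Re-run with -Harden to apply the registry fixes for the AutoRun and USBSTOR findings.' }
}
```

Two caveats before running this with `-Harden` on a production host: disabling USBSTOR also blocks the legitimate USB transfers many air-gapped control networks depend on, so a sanctioned transfer path (a dedicated, scanned transfer station, for instance) must exist first; and the registry change takes effect for newly plugged devices only, so anything already mounted stays mounted until the host is rebooted.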

However, for users who are not in charge of critical systems, the danger from Stuxnet has to be placed in the proper context. Credential-theft malware poses a far greater threat. It should also be remembered that threats against critical systems are likely to be just that: targeted. The typical user is far more likely to encounter generic threats like credential theft and fake antivirus malware.

The bottom line is that while Stuxnet has enjoyed a great deal of media attention, it is more significant as a warning to system administrators to secure critical systems, even the ones they think would never be exposed to malware, than as an actual threat. It has to be placed in the context of the greater malware threat, which sees tens of thousands of new threats every day, the vast majority of which end up stealing user information.
