Threat Management, Threat Management, Vulnerability Management

Stuxnet: Lessons not yet learned?

This week's information about Stuxnet started with the nearly universal conclusion that as a type of cyber threat, Stuxnet has clearly gained the critical infrastructure sector's attention:

Experts say the Stuxnet worm should serve as a wake-up call that cyberwarfare against critical infrastructure systems is a reality.

For your review, the Telecommunications Minister of Iran made a public statement this Monday, which detailed Iran's response to the Stuxnet threat:

Iranian computers are no longer facing this [Stuxnet] threat," he noted. "This computer malware wormed its way into industrial systems via flash memories and not through networks."

The Iranian minister reiterated that 'the sources' behind the spread of computer virus have been nearly identified.

Diving deeper: Latest Stuxnet details

Meanwhile, the latest details about Stuxnet have been added to the study crafted by ESETl's global malware research teams.

Version 1.2 of a comprehensive analysis of the Stuxnet phenomenon, updated to include pointers to additional resources and some further information on the Task Scheduler exploit as yet unpatched.

Diving deeper: Task scheduler exploit

One recent VUPEN Security analysis talks about this privilege escalation exploit, which according to some sources is a fairly regular programming problem and occurs globally across Windows, Mac and Linux operating systems.

Responses concerning other privilege escalation issues from Windows Technet teams have stated that most could not be exploited remotely or by anonymous users. However, historically this threat remains real:

If a user viewed a specially crafted website, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Wikipedia has more about privilege_escalation.

Rule of thumb: Keep systems updated.

Note that at the time of this article, this particular exploit has not yet had a patch issued. However, Version 1.2 of the Stuxnet study may aid IT defense teams in identifying solutions.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.