Eric Byres, CTO and VP engineering, Tofino Security
Stuxnet and Flame are the new frontier in malware design. They incorporate an amazing level of non-IT knowledge into their functionality. For example, Stuxnet took advantage of obscure programmable logic controller (PLC) flaws so it could attack Iran’s nuclear facilities. Other APTs may be specific in their spear phishing, but their underlying toolkit is basic.
Both stayed under the world’s radar for a long time. They fooled the entire security industry.
These APTs were not one-trick ponies stealing financial data. They were multifunction toolkits that were reconfigurable by their masters. Stuxnet’s initial task was likely stealing PLC logic, but that soon morphed into a new direction – damaging industrial equipment. Flame was closer to a business management system than malware.
Most importantly, Flame and Stuxnet signal a new era where industry, especially the energy industry, is a key target in a growing world of sophisticated, government-sponsored malware.
Ron Gula, CEO and co-founder, Tenable Network Security
In the information security industry, having to discern between pretend and actual threats is nothing new. I remember when botnets were only theory – and now they are blamed for late trains and skewed election results.
With Stuxnet, Flame and APTs, we’ve given our real and imagined adversaries advanced powers of hacking and information dominance. Instead of hyping the fact that we have the means to stop these types of attacks, we’ve hyped our enemy’s meager capabilities.
Fortunately, it is all hype. Don’t get me wrong – there are real adversaries who are robbing us blind and probing our critical infrastructure. They are just doing it with techniques and methods the information security field has been discussing for the past two decades.
I’ve spoken with hundreds of organizations that were successfully attacked over the years and they all had one major quality in common – they were not sufficiently monitoring their network.