Organizations responsible for SCADA systems security should take Stuxnet seriously; it exploits multiple attack...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
vectors and clearly illustrates the vulnerabilities of SCADA systems. There are two things that make Stuxnet unique. One is the zero day it exploits in the LNK functionality (while many pieces of malware utilize zero days when initially identified, SCADA systems have never been exploited in this way before, and chances are it won't be the last time either). The other is that the malware was signed by Realtek as trusted software, meaning that part of the attack involved stealing a code-signing certificate from Realtek -- and the certificate used to sign the code wasn't revoked until news coverage prompted the revocation. Signed code is supposed to help protect systems from malware, but Stuxnet pointed out deficiencies in this type of protection.
The security community at large should take Stuxnet seriously as well because of the sophistication of the attack and the security vulnerabilities it was able to exploit. For home users or enterprises that don't manage SCADA systems, the risk is fairly low and patches have been released by Microsoft and other information security systems that include protections, like antimalware definitions.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how ...continue reading
An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.