Organizations responsible for SCADA systems security should take Stuxnet seriously; it exploits multiple attack...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
vectors and clearly illustrates the vulnerabilities of SCADA systems. There are two things that make Stuxnet unique. One is the zero day it exploits in the LNK functionality (while many pieces of malware utilize zero days when initially identified, SCADA systems have never been exploited in this way before, and chances are it won't be the last time either). The other is that the malware was signed by Realtek as trusted software, meaning that part of the attack involved stealing a code-signing certificate from Realtek -- and the certificate used to sign the code wasn't revoked until news coverage prompted the revocation. Signed code is supposed to help protect systems from malware, but Stuxnet pointed out deficiencies in this type of protection.
The security community at large should take Stuxnet seriously as well because of the sophistication of the attack and the security vulnerabilities it was able to exploit. For home users or enterprises that don't manage SCADA systems, the risk is fairly low and patches have been released by Microsoft and other information security systems that include protections, like antimalware definitions.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this...continue reading
Malicious Windows BITS tasks set up by attackers can reinfect systems even after the malware has been removed. Expert Nick Lewis explains how to ...continue reading
ZCryptor ransomware can self-replicate through autorun files placed on removable storage devices. Expert Nick Lewis explains how your enterprise can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.