Tag Archives: stuxnet

Discovery of new “zero-day” exploit links developers of Stuxnet, Flame

Quite interesting news:

An early version of Stuxnet dating back to 2009 contained executable code that targeted what was then an unknown security flaw in Microsoft Windows, a discovery that brings the number of zero-day vulnerabilities exploited by the malware to at least five, researchers from Kaspersky Lab said Monday morning. Even more significantly, they discovered that a 6MB chunk of code found in the Stuxnet.A (1.0) variant contained the guts of today’s Flame. In addition to unearthing previously overlooked data about how Stuxnet hijacked targeted networks, the discovery is important because it establishes the first positive connection between the developers of Stuxnet and those behind Flame, which came to light two weeks ago as a highly sophisticated espionage platform that targeted computers in Iran and other Middle Eastern countries.

The techie in me is boggled at the resources they poured into discovering zero-day exploits, applications to exploit them, and the entire malware package wrapped around it.

The citizen in me is just amazed that the U.S. government is comfortable committing so much sabotage, espionage, and military action against nations with which we are not at war.  It’s just another reminder that you cannot trust your government.

via Discovery of new “zero-day” exploit links developers of Stuxnet, Flame | Ars Technica.

Cyberattacks On Critical Infrastructure Are Increasing, Study Says

Unfortunately, while regulatory agencies and utilities are pushing to expand “smart grid” technologies, they don’t seem to care about how vulnerable to attack they are.

“Ninety to 95 percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check,” said Jim Woolsey, former United States Director of Central Intelligence.

The new study reveals that while the threat level to critical infrastructures has accelerated, the response level has not, even after the majority of respondents frequently found malware designed to sabotage their systems (nearly 70 percent), and nearly half of respondents in the electric industry sector reported that they found Stuxnet on their systems.

via Cyberattacks On Critical Infrastructure Are Increasing, Study Says – Darkreading.